Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASA5505 - Connection profile based on Active Directory group membership?

Hi

We are using a ASA5505 for clientless webbased SSL VPN connections.

Today I have only one connection profile with AAA authentication pointing to a RADIUS server in my Active Directory. To that connection profile is there a Group Policy assigned - and to that Group Policy there is some bookmarks assigned for the webvpn.

I would like to have different bookmarks for webvpn/clientless vpn users, based on their group membership in Active Directory - is that possible?

Like you have to be mener of a specific AD group to be allowed access to a specfic connection profile on the ASA?

Or is there another solution to accomplice this goal "differnet bookmarks based on AD group membership"

Best Regards, Steffen.

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Re: ASA5505 - Connection profile based on Active Directory group

There are different ways to do that. The probably easiest is to keep your one connection-profile and to configure different group-policies for your user-groups. On the RADIUS-server you configure different rules that match on the internal AD group-membership. In the radius-profile you assign the right group-policy with the RADIUS atribute 25 whis is named the class-attribute.


Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
2 REPLIES
VIP Purple

Re: ASA5505 - Connection profile based on Active Directory group

There are different ways to do that. The probably easiest is to keep your one connection-profile and to configure different group-policies for your user-groups. On the RADIUS-server you configure different rules that match on the internal AD group-membership. In the radius-profile you assign the right group-policy with the RADIUS atribute 25 whis is named the class-attribute.


Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni

ASA5505 - Connection profile based on Active Directory group mem

Thanks

372
Views
0
Helpful
2
Replies
CreatePlease login to create content