Cisco Support Community

New Member

Identity FW - ACL with AD Group not matching

Hello all,

I have set up our Cisco ASA 8.4(4)1 so that it works as an Identity Firewall. Everything is going fine, except the following:

I've made an ACL so that only allowed users access a few FTP servers. The thing is that those users belong to an Active Directory group. Using the AD group, the ACL is not being matched and therefore is not working.

However, if I change that AD group and try only my AD user, it does work.

I have other ACLs matching AD groups and they are working fine.

So my question is:

     Is there any limitation to those AD groups?

     What can I check to know why my user (that belongs to that AD group) is not being allowed while the ACL includes the AD group?

Any help will be appreciated.

Thanks in advance.

Best regards,

Igor

3 REPLIES
New Member

Identity FW - ACL with AD Group not matching

Any idea how I could try to solve this?

Thanks.

New Member

Identity FW - ACL with AD Group not matching

I've made another test. I've changed the group that matches the ACL and it works.

The differences between groups are:

- They're located in different OUs, but both are accessible.

- One has 6 users and the other many more.

Is there any kind of restriction on how many users a group can contain so that ASA is able to check it?

Another group that does not work is a group (Global_FTP) containing 3 different groups, one of them being that other group (FTP_OfficeXX).

Any help will be appreciated.

Thanks!!!

New Member

Identity FW - ACL with AD Group not matching

Hello again everybody,

I was wondering if maybe, because of summer vacations, some of you missed this post.

Does anyone have any idea why the ACL does not match when using an old group with more members?

Thanks in advance.

Best regards,

Igor
