I would like to know if it is possible to authenticate VPN users via LDAP against an Active Directory security group. I know you can do this with the WebVPN and assign different VPN group policies, but I would like to permit or deny login access through the IPsec VPN based on Active Directory group membership.
Sorry for piggybacking on your thread here, but I'm struggling with one part of what I'm trying to accomplish. I want to grant VPN access ONLY if the user is in a specific group. If the user isn't a member of that group, I want to deny access. Right now, group mapping is working (AD group to Tunnel Group), but any user that exists in Active Directory is allowed access.
The only solution I can come up with is to have two AD security groups, one that allows access and one that doesn't, and map the two groups to two different tunnel groups (again, one that allows and one that denies). This is less than ideal. Any thoughts from anyone?