Cisco ASA AnyConnect group policy assigned by Windows IAS/AD
I'm looking to centralize all of the VPN accounts (AnyConnect / SSLVPN) via our Active Directory. I would like to set up AD via IAS groups, based on security levels, and map those to the Cisco ASA group policy. Furthermore, I would like to assign an IP Address Pool based on the group.

Active Directory (Group) | Cisco ASA VPN Group Policy | IP Address Pool
Security Level 1 | Security_Level_1 | 192.168.1.1 - 192.168.1.10
Re: Cisco ASA AnyConnect group policy assigned by Windows IAS/AD
I've used IAS for remote access AAA, and it does work well. For your requirements, I might suggest plugging into AD directly using LDAPS. If you know your AD schema, it's not too difficult to get LDAP working. With LDAP, you can use an LDAP map to map AD groups to ASA Group Policies. You will also be able to prompt users to change their AD passwords when it nears expiration, which I'm not sure you can do via IAS/RADIUS.
The only thing you lose with LDAPS is Accounting. If you need it, you can still run that back to IAS or ACS/TACACS+.
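The LDAP-map approach described in the reply above, as an added ASA configuration sketch that is not part of the original thread. The group policy name and pool range come from the question; the object names (AD-LDAPS, AD-GROUP-MAP, POOL_SL1, NOACCESS, ANYCONNECT), the interface, the server address, the pool mask, the expiry window and every DN are assumptions to replace with your own values.

```cisco
! Map the AD memberOf attribute to an ASA group policy (DN is assumed).
ldap attribute-map AD-GROUP-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=Security Level 1,OU=Groups,DC=example,DC=com" Security_Level_1
!
! LDAPS connection to a domain controller (address and bind account are placeholders).
aaa-server AD-LDAPS protocol ldap
aaa-server AD-LDAPS (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <BIND-PASSWORD-PLACEHOLDER>
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map AD-GROUP-MAP
!
! Address pool and group policy for Security Level 1 (range from the question).
ip local pool POOL_SL1 192.168.1.1-192.168.1.10 mask 255.255.255.0
group-policy Security_Level_1 internal
group-policy Security_Level_1 attributes
 vpn-tunnel-protocol ssl-client
 address-pools value POOL_SL1
!
! Default policy that denies login, so an authenticated user who matches
! no map-value entry does not get a session.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Connection profile: authenticate against AD, fall back to NOACCESS,
! and prompt users whose AD password is close to expiring.
tunnel-group ANYCONNECT type remote-access
tunnel-group ANYCONNECT general-attributes
 authentication-server-group AD-LDAPS
 default-group-policy NOACCESS
 password-management password-expire-in-days 14
```

Each additional security level gets its own `map-value` line, `ip local pool` and `group-policy` with a matching `address-pools value`. On older ASA releases the mapped Cisco attribute is named `IETF-Radius-Class` instead of `Group-Policy`.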