
ASA v7.2.2 AAA Authentication and Authorization

Hello,

I've got an ASA on which I terminate several VPN tunnels (e.g. Cisco Client VPN). Now I want to change the Authentication and Authorization:

- Authentication should be provided via a RADIUS connection to an RSA server (this works fine)

- Authorization should be provided by querying Windows AD group membership via an LDAP connection. The user should only be able to log in if he is a member of a certain AD group.

And here's my problem: I can configure an LDAP connection but I can't search for group membership... The next thing is that the authorization tab (tunnel group) is always empty...

Is there a way to do this??

Thank you very much for your help!

Best regards,

Markus

1 REPLY

Re: ASA v7.2.2 AAA Authentication and Authorization

"Authorization should be provided by querying Windows AD group membership via an LDAP connection. The user should only be able to log in if he is a member of a certain AD group."

This is more like authentication than authorization to me.

Try using a CSA and if needed, link it to LDAP.

Authorization will specify what commands/type of access will be provided AFTER USER IS AUTHENTICATED.

Please rate if this helped.

Regards,

Daniel
