Community Member

Cisco AnyConnect authenticate against LDAP group membership

Hi,

In short, we are trying to create an AnyConnect profile on our Cisco ASA that authenticates against our LDAP (AD), but will only authenticate against a particular group. So, if your user account is a member of the group you are authenticated; if not, authentication fails.

Our current setup is 2 x Cisco ASA 5525-X running in HA, version 9.1(2). They are working to provide remote access via Cisco AnyConnect for all of our remote users. Currently we have an AAA server set up to authenticate against the LDAP directory and that is working perfectly. As mentioned, we wanted to create another AnyConnect policy that would authenticate against the same LDAP directory but only provide successful authentication if the user account was a member of that particular group.

Any help/direction would be greatly appreciated. Please let me know if you need more information.


Thanks,
Cam

2 REPLIES
Community Member

Are you using Windows Server for Radius? 

If so, create a remote access policy that requires the user to be a member of a windows-group. 

Community Member

Hi Adam,

Thanks for the response. We aren't using Windows server for Radius.

The options we have are to use LDAP directly, or we do have a Cisco ACS that authenticates using TACACS+.

Any other ideas?

Thanks.
