Cisco AnyConnect authenticate against LDAP group membership
In short, we are trying to create an AnyConnect profile on our Cisco ASA that authenticates against our LDAP (AD), but will only authenticate against a particular group. So, if your user account is a member of the group you are authenticated; if not, authentication fails.
Our current setup is 2 x Cisco ASA 5525-X running in HA, version 9.1(2). They are working to provide remote access via Cisco AnyConnect for all of our remote users. Currently we have an AAA server set up to authenticate against the LDAP directory and that is working perfectly. As mentioned, we wanted to create another AnyConnect policy that would authenticate against the same LDAP directory but only provide successful authentication if the user account was a member of that particular group.
Any help/direction would be greatly appreciated. Please let me know if you need more information.