Cisco Support Community

Complex scenario with ASA + Microsoft IAS

This is the scenario on AD Domain:

Users:
User1
User2
Administrator

Groups:
Group-1
Group-2

Computers:
Server-1
Server-2

Memberships:
User1 is member of Group-1
User2 is member of Group-2
Administrator is member of Group-1 and Group-2

In Microsoft IAS I currently have two policies:

Policy-1: members of Group-1 receive an ACL to have access to Server-1 (priority 1)
Policy-2: members of Group-2 receive an ACL to have access to Server-2 (priority 2)

Everything works fine with User1 and User2; the problem is that when Administrator logs in, he matches Policy-1, and so he has no access to Server-2.

I found a solution:

Creating a group Group-Administrator
Creating a Policy-0: members of Group-Administrator have access to Server-1 and Server-2

But the side effect, in the real world, is that you are obliged to create a group for every user and a policy for every group, and I have 500+ users to manage (I need to move them from local users on the firewall to Active Directory).

The above is just an example. I'm trying to understand how to manage VPN access with groups on IAS without creating one group for every user and as many policies as users, and I can't find a way to do that. Any help would be very appreciated.
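
The first-match behaviour described in the post, as an added example that is not part of the original post and is not IAS configuration or API: a small Python model that audits which users end up with less access than their group memberships imply, then builds one policy per distinct group combination, most specific first. The function names are hypothetical, and the model assumes a policy can require several groups at once (or a dedicated group standing in for the combination, as with the post's Group-Administrator).

```python
# Constructed model of the post's scenario; names mirror the post, nothing here is IAS API.
MEMBERSHIPS = {
    "User1": {"Group-1"},
    "User2": {"Group-2"},
    "Administrator": {"Group-1", "Group-2"},
}
# (policy name, groups the user must ALL hold, servers the pushed ACL permits), priority order
POLICIES = [
    ("Policy-1", {"Group-1"}, {"Server-1"}),
    ("Policy-2", {"Group-2"}, {"Server-2"}),
]

def first_match(user, policies, memberships=MEMBERSHIPS):
    """Return (policy name, servers) for the first policy the user satisfies."""
    groups = memberships.get(user, set())
    for name, required, servers in policies:
        if required <= groups:
            return name, servers
    return None, set()  # no policy matched: no access

def intended_access(user, policies, memberships=MEMBERSHIPS):
    """Union of servers over every policy the user qualifies for."""
    groups = memberships.get(user, set())
    return set().union(*(s for _, req, s in policies if req <= groups))

def audit(policies, memberships=MEMBERSHIPS):
    """Users whose first-match result differs from their intended access."""
    return sorted(u for u in memberships
                  if first_match(u, policies, memberships)[1]
                  != intended_access(u, policies, memberships))

def combination_policies(policies, memberships=MEMBERSHIPS):
    """One policy per distinct group combination in use, most specific first."""
    combos = {frozenset(g) for g in memberships.values()}
    ordered = sorted(combos, key=lambda c: (-len(c), sorted(c)))
    return [("+".join(sorted(c)), set(c),
             set().union(*(s for _, req, s in policies if req <= c)))
            for c in ordered]

if __name__ == "__main__":
    print("under-provisioned:", audit(POLICIES))
    fixed = combination_policies(POLICIES)
    for name, required, servers in fixed:
        print(name, "->", sorted(servers))
    print("under-provisioned after reordering:", audit(fixed))
```

In this model the policy count follows the number of distinct membership combinations (three here), not the number of users, so users who share the same set of groups share one policy.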
