Cisco Support Community

group-lock and ldap authentication

I have set up my users to authenticate via LDAP for RA VPN on my ASA 5520. The users get logged in without any issues and get the correct information, but I found the users are able to log in under another group name. Originally I was using the tunnel-lock option when they were local users, but now that appears to not be working anymore. I've set up the mapping to authenticate the users against AD with LDAP, and retrieve the memberOf value and map this to the IETF-Class value. Is there something I'm missing?

2 REPLIES

Re: group-lock and ldap authentication

It sounds like you are on the right track. You can either configure the tunnel group lock under the respective group policy or utilize an LDAP attribute map to associate the lock. For example, you could look at the Department associated with the user and use the corresponding value to lock them to the corresponding tunnel group.

ldap attribute-map Tunnel-Lock
 map-name department Tunnel-Group-Lock
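
Added example, not part of the original thread: a fuller ASA configuration for the arrangement the question describes, where memberOf selects a group policy and that policy carries the group lock, plus a no-access fallback for users who match no mapping. All names, DNs and addresses (AD-VPN-MAP, LDAP-AD, ENG-GP, ENG-TG, NOACCESS, 192.0.2.10, example.com) are hypothetical placeholders.

```cisco
! Constructed sample: every name, DN and address below is hypothetical.
!
! 1. Map the AD memberOf value to the name of a group policy.
ldap attribute-map AD-VPN-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Eng,OU=Groups,DC=example,DC=com" ENG-GP
!
! 2. Bind the map to the LDAP server entry. A map that is defined but
!    not referenced here is never applied to the login.
aaa-server LDAP-AD protocol ldap
aaa-server LDAP-AD (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map AD-VPN-MAP
!
! 3. The mapped policy carries the lock: a user who receives ENG-GP
!    may only connect through tunnel group ENG-TG.
group-policy ENG-GP internal
group-policy ENG-GP attributes
 group-lock value ENG-TG
!
! 4. Fallback policy for users whose memberOf matches no map-value:
!    zero simultaneous logins means the session is refused.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! 5. The tunnel group authenticates against LDAP and defaults to the
!    no-access policy, so only a successful mapping grants a session.
tunnel-group ENG-TG type remote-access
tunnel-group ENG-TG general-attributes
 authentication-server-group LDAP-AD
 default-group-policy NOACCESS
```

Running `debug ldap 255` during a test login shows which LDAP attributes were returned and how they were mapped, which confirms whether the group policy holding the lock is the one actually applied.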


Re: group-lock and ldap authentication

I tried the option to configure the tunnel group lock under the respective group policy but it does not seem to work...any ideas?
