How to restrict certain users in a tunnel group with access hours
I created below ldap attribute-map and applied it to the AD server used for authentication. Then created time-range and applied to group policy.
In AD server, for users that should have access to VPN only during office hours, I have put value "OfficeHours" in Office field. However for users that should have access to vpn 24 hours, i have left this field blank.
Now only users with value "OfficeHours" in Office field are getting connected in the specified time range. However other users never get connected. How can i fix this issue?
ldap attribute-map AccessHours_LDAPMAP
map-name msNPAllowDialin Tunneling-Protocols
map-value msNPAllowDialin FALSE 1
map-value msNPAllowDialin TRUE 20
map-name physicalDeliveryOfficeName Access-Hours
periodic Monday Tuesday Wednesday Thursday Saturday Sunday 8:30 to 18:00
How to restrict certain users in a tunnel group with access hour
Create another time-range "AllHours" allowing access for 24 hours and put this value in the "physicalDeliveryOfficeName" field in the AD server. This time-range is only binded to the users in AD server and not to group-policy. In group-policy still the "vpn-access-hours value OfficeHours" is same.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...