I'm in the process of doing an SSL VPN configuration for a customer who wants to integrate the SSL VPN authentication with Active Directory. They want to be able to give each group in AD specific access rights, essentially access lists per group policy, straight from the firewall to LDAP. The customer doesn't have ACS, so I can't use downloadable ACLs. I'm familiar with user authentication to LDAP or RADIUS on the firewall; what I haven't done before is map an LDAP group to a group policy on the firewall without using ACS.
Has anyone ever done this, or know if it can be done with IAS?
You mention a firewall, so I am assuming you are deploying an ASA. There are a few different ways you can assign LDAP users to a group policy. You can then configure a tunnel-group lock and a network filter on the respective group policy. Another, more flexible solution is to use DAP.