Cisco Support Community

New Member

SSL VPN

I'm in the process of doing an SSL VPN configuration for a customer who wants to integrate the SSL VPN authentication with Active Directory. They want to be able to give each group in AD specific access rights. Essentially, do access-lists per group-policy straight from the firewall to LDAP. The customer doesn't have ACS, so I can't use downloadable ACLs. I'm familiar with user authentication to LDAP or RADIUS on the firewall; what I haven't done before is map an LDAP group to a group policy on the firewall without using ACS.

Has anyone ever done this or know if it can be done with IAS?

2 REPLIES

Re: SSL VPN

You mention firewall so I am assuming you are deploying an ASA. There are a few different ways you can assign LDAP users to a group policy. You can then configure a tunnel group lock and network filter on the respective group policy. Another more flexible solution is to use DAP.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml
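A sketch of the LDAP-attribute-map approach the reply above describes, added here as an example and not taken from the thread or from the linked Cisco guides. It assumes an ASA with full-tunnel client sessions; every name, DN, address and ACL entry is a constructed placeholder, and exact keywords vary by ASA release.

```cisco
! Constructed example: all names, DNs and addresses are placeholders.
! Default policy for users whose AD groups match no map-value:
! zero simultaneous logins means the session is refused.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Per-group ACL, applied as the network filter of the matching policy.
! For vpn-filter the source side of the entry is the remote client.
access-list ACL-ENG extended permit tcp any host 10.10.20.5 eq 443
!
group-policy GP-ENG internal
group-policy GP-ENG attributes
 vpn-simultaneous-logins 3
 vpn-filter value ACL-ENG
 ! Tunnel group lock: this policy is valid only on the SSLVPN tunnel group.
 group-lock value SSLVPN
!
! Map the AD memberOf attribute to a group-policy name.
! Assumption: older releases use IETF-Radius-Class as the ASA-side
! attribute; later releases name it Group-Policy. Check your version.
ldap attribute-map AD-GROUP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Engineering,OU=Groups,DC=example,DC=com" GP-ENG
!
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 ldap-attribute-map AD-GROUP-MAP
!
! Users land in NOACCESS unless the attribute map assigns another policy.
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
 authentication-server-group AD-LDAP
 default-group-policy NOACCESS
```

Making the tunnel group's default policy deny-all means an AD account outside every mapped group authenticates but gets no session, so access is granted only by explicit group membership.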

New Member

Re: SSL VPN

Beautiful... I was on the right track then. Thanks for your help. I have some of this configured already. I've read the first 2 guides in the past several times, but have never seen the DAP guide.

Thank You
