
Steps to take to allow AD users/groups different IP Pools on an ASA

Hello,

I currently have Windows Radius working and want to set up and use LDAP only. The current working configuration allows for authentication only and I need to be able to dive deeper.

A given user needs to have attributes in the directory service that will enforce:

- default gateway vs. split tunnel routing
- which IP address pool to use

I can do this currently with LOCAL auth. However, it's ugly because it requires the user to use multiple logins and pick the VPN Group for each policy. That doesn't scale.

I am in the process of reading several posts and docs:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml?referring_site=smartnavRD

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

https://supportforums.cisco.com/message/998156

Is there any place that shows step by step instructions in order that will help me?

Thanks

1 Reply

ajay chauhan
Level 7

Different groups can be configured for different IP pools.

For example:

asa(config)#ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0

asa(config)#group-policy SSLCLient internal

asa(config)#group-policy SSLCLient attributes

asa(config-group-policy)#address-pools value SSLClientPool

The same step can be repeated for different groups and different IP pools.

Thanks

Ajay
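
An added example, not part of either post above: one way to tie the per-group policies from the reply to AD group membership over LDAP, so users log in once and receive their pool and tunnel mode from the directory. All names, addresses and DNs (FullTunnel, SplitTunnel, AD_LDAP, VPN_USERS, example.com, 10.0.0.10) are constructed placeholders, and the NOACCESS default policy is an assumption added so that users outside every mapped group are refused.

```cisco
! Constructed example: pool ranges, names and DNs are placeholders.
ip local pool FullTunnelPool 192.168.100.1-192.168.100.50 mask 255.255.255.0
ip local pool SplitTunnelPool 192.168.101.1-192.168.101.50 mask 255.255.255.0
access-list SPLIT_ACL standard permit 10.0.0.0 255.0.0.0
!
! Default policy for anyone not matched by the LDAP map: no sessions allowed.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy 1: all traffic through the tunnel (default gateway behaviour).
group-policy FullTunnel internal
group-policy FullTunnel attributes
 vpn-simultaneous-logins 3
 address-pools value FullTunnelPool
 split-tunnel-policy tunnelall
!
! Policy 2: only networks in SPLIT_ACL go through the tunnel.
group-policy SplitTunnel internal
group-policy SplitTunnel attributes
 vpn-simultaneous-logins 3
 address-pools value SplitTunnelPool
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
!
! Map the AD memberOf value to a group-policy name.
! (Older ASA releases use IETF-Radius-Class in place of Group-Policy.)
ldap attribute-map AD_GROUP_MAP
 map-name memberOf Group-Policy
 map-value memberOf CN=VPN-Full,OU=Groups,DC=example,DC=com FullTunnel
 map-value memberOf CN=VPN-Split,OU=Groups,DC=example,DC=com SplitTunnel
!
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 10.0.0.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map AD_GROUP_MAP
!
! Single connection profile: authenticate via LDAP, deny unless mapped.
tunnel-group VPN_USERS type remote-access
tunnel-group VPN_USERS general-attributes
 authentication-server-group AD_LDAP
 default-group-policy NOACCESS
```

Only one group policy is applied per session, so keep the mapped AD groups mutually exclusive. Use a bind account with read-only directory access.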
