Steps to take to allow AD users/groups different IP Pools on an ASA

Hello,

I currently have Windows Radius working and want to set up and use LDAP only. The current working configuration allows for authentication only and I need to be able to dive deeper.

A given user needs to have attributes in the directory service that will enforce:

- default gateway vs. split tunnel routing
- which IP address pool to use

I can do this currently with LOCAL auth. However, it's ugly because it requires the user to use multiple logins and pick the VPN Group for each policy. That doesn't scale.

I am in the process of reading several posts and docs:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml?referring_site=smartnavRD

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

https://supportforums.cisco.com/message/998156

Is there any place that shows step by step instructions in order that will help me?

Thanks

1 Reply

ajay chauhan
Level 7

Different groups can be configured for different IP pools.

For example:

asa(config)#ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0

asa(config)#group-policy SSLCLient internal

asa(config)#group-policy SSLCLient attributes

asa(config-group-policy)#address-pools value SSLClientPool

The same steps can be repeated for different groups and different IP pools.

Thanks

Ajay
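
One way to tie the per-group pools from the reply above to AD group membership over LDAP, so users log in once and land in the right policy. This is an added example, not configuration from either poster or from Cisco's documents. It reuses SSLCLient and SSLClientPool from the reply; every other name, DN, address and the bind password placeholder is an assumption.

```cisco
! Second pool and split-tunnel list (constructed values)
ip local pool SSLAdminPool 192.168.101.1-192.168.101.50 mask 255.255.255.0
access-list SPLIT_ADMIN standard permit 10.10.0.0 255.255.0.0

! Policy from the reply, extended: all traffic goes through the tunnel
group-policy SSLCLient internal
group-policy SSLCLient attributes
 address-pools value SSLClientPool
 split-tunnel-policy tunnelall

! Second policy: different pool, split tunnel
group-policy SSLAdmin internal
group-policy SSLAdmin attributes
 address-pools value SSLAdminPool
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ADMIN

! Fallback for users who authenticate but are in no mapped AD group:
! zero simultaneous logins means the session is refused
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! Map the AD memberOf attribute to an ASA group-policy name
ldap attribute-map AD-GROUP-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=com" SSLCLient
 map-value memberOf "CN=VPN-Admins,OU=Groups,DC=example,DC=com" SSLAdmin

! LDAP server definition; LDAPS protects the bind and user credentials
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.10.1.10
 server-type microsoft
 ldap-over-ssl enable
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 ldap-attribute-map AD-GROUP-MAP

! One connection profile for everyone; the map selects the policy
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
 authentication-server-group AD-LDAP
 default-group-policy NOACCESS
```

On ASA releases before 8.4(2) the mapped attribute is named IETF-Radius-Class instead of Group-Policy. The map-value DN must match the memberOf string returned by AD exactly.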