Cisco Support Community

New Member

VPN client users and RADIUS help

Hello,

We have a number of users that use the Cisco VPN client to connect to our ASA firewall and onto our network. We use Active Directory and I want to only allow users onto our network if they are in a particular AD group. Is this possible?

Thanks

1 REPLY
Cisco Employee

Re: VPN client users and RADIUS help

If you are using ASA 8.x, then I recommend implementing DAP (Dynamic Access Policies), which allows you to control the session establishment (after successful AAA processing) using AAA controls from AD.

DAP#1 - allows clients to connect only if memberOf = Engineering, Employees

DAP#2 - allows clients to connect only if memberOf = Consultants

The resulting VPN policy = DAP access/authorization attributes + any RADIUS/LDAP VSA + ASA Group Policy.

See details in the DAP Deployment Guide: https://supportforums.cisco.com/docs/DOC-1369.

Regards,

Nelson
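
A simplified model of the access decision described in the reply above, added here as an illustration and not taken from the post or from Cisco. It assumes a record matches when the user is in any of its listed groups, that group names are compared against the leading CN of each AD memberOf DN, and that a session matching no record is terminated; the DNs and function names are constructed.

```python
import re

# Records modeled on the two in the reply; the any-of match is an assumption.
DAP_RECORDS = {
    "DAP#1": {"engineering", "employees"},
    "DAP#2": {"consultants"},
}

def leading_cn(dn):
    """Return the lower-cased value of the first RDN if it is a CN, else None."""
    raw, i = bytearray(), 0
    while i < len(dn) and dn[i] != ",":       # an unescaped comma ends the first RDN
        if dn[i] == "\\":
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                raw.append(int(pair, 16))     # hex escape such as \2C
                i += 3
                continue
            i += 1                            # escape such as \, : keep next char literally
            if i >= len(dn):
                break
        raw += dn[i].encode("utf-8")
        i += 1
    attr, sep, value = raw.decode("utf-8", "replace").partition("=")
    if not sep or attr.strip().lower() != "cn":
        return None
    return value.strip().lower()

def evaluate(member_of):
    """Return (action, matched_records) for a user's memberOf values."""
    groups = {cn for cn in map(leading_cn, member_of) if cn}
    matched = sorted(n for n, allowed in DAP_RECORDS.items() if groups & allowed)
    # Assumption: the default policy terminates sessions that match no record.
    return ("continue", matched) if matched else ("terminate", [])

# Constructed sample DNs (example.com is a placeholder domain).
ENGINEER = ["CN=Engineering,OU=Groups,DC=example,DC=com"]
# Sits in an OU named Consultants but is not in the Consultants group.
INTERN = ["CN=Interns,OU=Consultants,DC=example,DC=com"]
# Escaped comma inside the CN: the group is "Sales, Consultants", not "Consultants".
SALES = ["CN=Sales\\, Consultants,OU=Groups,DC=example,DC=com"]

if __name__ == "__main__":
    for name, dns in (("engineer", ENGINEER), ("intern", INTERN), ("sales", SALES)):
        print(name, evaluate(dns))
```

The intern and sales cases show why the group name has to be taken from the parsed CN: a substring search for "Consultants" over the raw DN would admit both.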
