We have an ASA configured with sslvpn and using AnyConnect clients. Currently we authenticate via LDAP and automatically set the group-policy value via an LDAP value. We have several groups with unique IPs and therefore special access due to their assigned IP address.
We'd like to add SecureID authentication for some of these groups. I've set up a second profile with double authentication, using LDAP with group assignen and that works fine.
The issue we are facing is that I can find no way to limit access to the double authentication groups from the standard profile, because both profiles are authenticating to the same LDAP server, and the LDAP policy map is configured with the LDAP server.
So all the groups are accessible (with the right credentials) from both the standard single auth profile and the double-auth profile, and there's no way to force the use of the double-auth profile- at least none that I can find.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...