Solved: FMC RAVPN access rules per AD Group

tferreira · ‎10-29-2018

Hello,

I'm fairly new to Firepower devices, and I've hit a barrier.

I need to specify remote access vpn access rules per AD Group, so that I can limit the routes presented to each group of users.

I cannot find anywhere where to do this, is it possible with Firepower devices to filter the routes presented to the remote access users.

Many thanks,

tferreira

Marvin Rhoads · ‎10-30-2018

That sort of thing would be generically referred to as LDAP Authorization. Unfortunately as of the current Firepower Threat Defense (Version 6.2.3.x), that feature is not supported.

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_remote_access_vpns.html#reference_xby_dml_wy

Note if you are using a RADIUS server, you can apply a predefined Filter ACL. That is described later in the same document linked above.

View solution in original post

Marvin Rhoads · ‎10-30-2018

That sort of thing would be generically referred to as LDAP Authorization. Unfortunately as of the current Firepower Threat Defense (Version 6.2.3.x), that feature is not supported.

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_remote_access_vpns.html#reference_xby_dml_wy

Note if you are using a RADIUS server, you can apply a predefined Filter ACL. That is described later in the same document linked above.