07-03-2018 12:32 AM - edited 02-21-2020 07:56 AM
Hi
I have two groups in my AD, one for our Administrators and one for our Users. I want to configure it so that everyone can use our VPN connection, but I want to restrict it so that normal users in the Users group can only access one IP address, while our Administrators can access everything. We're using LDAP in our AD and no NPS is installed.
I'm using FMC to configure this, but I really don't know how I should proceed.
07-03-2018 06:00 AM
Potentially possible if you use ISE or ACS in conjunction with RADIUS auth, stick the FMC in a device group in ISE/ACS, and enforce certain AD attributes.
07-03-2018 05:46 AM
I believe this is not possible with Firepower Threat Defense (FTD) as of today if you use LDAP/AD as the back-end AAA source. Traditionally with ASA, we would use LDAP attribute maps to map AD membership to group-policies and corresponding permissions. Since FTD does not support LDAP attribute maps yet, you would have to use a back-end RADIUS server like NPS to achieve this functionality.