Good Morning,
I'm trying at the moment to adapt what we already have set up for authenticating IPSEC VPNs. Currently, below is how this is set up.
We would like to add ACLs based on which 3rd party company is dialing in. I understand how to do this with local usernames but not when talking to AD.
Sorry if this is unclear, thanks in advance. The tunnel group names are different for each company, but again not sure where I'd add this filter.
Thanks
S
Service Selection
  Protocol: match Radius
  NDG:Device Type in All Device Types:Firewall
  NDG:Location Any
  Device IP Address: x.x.x.x
  End Station: Filter Any
  Service: VPNAccess

VPNAccess
  IdentitySource: OTPthenAD (Using OTP server and AD Groups)
  Standard Policy
    Rule 1
      Name Staff
      Compound Condition AD-AD1: StaffGroup
      Permit Access
    Rule 2
      Name Staff
      Compound Condition AD-AD1: 3rdParty
      Permit Access