05-12-2010 04:39 PM - edited 03-10-2019 05:08 PM
I'm trying to set up my ASA so our SSL VPN users can authenticate against a microsoft AD server. From what I've read I need to map the AD attribute 'msNPAllowDialin' to the Cisco Attribute 'CVPN3000−Radius−IETF−Class', but my ASA doesn't seem to have that. Is there something I'm suppose to do first for this to show up? Here's what is available:
ASA(config-ldap-attribute-map)# map-name msNPAllowDialin ?
ldap mode commands/options:
cisco-attribute-names:
Access-Hours
Allow-Network-Extension-Mode
Auth-Service-Type
Authenticated-User-Idle-Timeout
Authorization-Required
Authorization-Type
Banner1
Banner2
Cisco-AV-Pair
Cisco-IP-Phone-Bypass
Cisco-LEAP-Bypass
Client-Intercept-DHCP-Configure-Msg
Client-Type-Version-Limiting
Confidence-Interval
DHCP-Network-Scope
DN-Field
Firewall-ACL-In
Firewall-ACL-Out
Group-Policy
IE-Proxy-Bypass-Local
IE-Proxy-Exception-List
IE-Proxy-Method
IE-Proxy-Server
IETF-Radius-Class
IETF-Radius-Filter-Id
IETF-Radius-Framed-IP-Address
IETF-Radius-Framed-IP-Netmask
IETF-Radius-Idle-Timeout
IETF-Radius-Service-Type
IETF-Radius-Session-Timeout
IKE-DPD-Retry-Interval
IKE-Keep-Alives
IPSec-Allow-Passwd-Store
IPSec-Auth-On-Rekey
IPSec-Authentication
IPSec-Backup-Server-List
IPSec-Backup-Servers
IPSec-Client-Firewall-Filter-Name
IPSec-Client-Firewall-Filter-Optional
IPSec-Default-Domain
Solved! Go to Solution.
05-12-2010 05:09 PM
Its not missing, it has been replaced with a different command--- IETF-Radius-Class
ldap attribute-map CISCOMAP
map-name msNPAllowDialin cVPN3000-IETF-Radius-Class
map-value msNPAllowDialin FALSE NOACCESS
map-value msNPAllowDialin TRUE ALLOWACCESS
Mapping VPN Clients to VPN Group Policies Through LDAP Configuration Example
HTH
Regds,
JK
Do rate hekpful posts-
05-12-2010 05:09 PM
Its not missing, it has been replaced with a different command--- IETF-Radius-Class
ldap attribute-map CISCOMAP
map-name msNPAllowDialin cVPN3000-IETF-Radius-Class
map-value msNPAllowDialin FALSE NOACCESS
map-value msNPAllowDialin TRUE ALLOWACCESS
Mapping VPN Clients to VPN Group Policies Through LDAP Configuration Example
HTH
Regds,
JK
Do rate hekpful posts-
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide