Dynamic Access Policy VPN & Management Access

Michael All
Level 1

Hello everyone,

I'm testing out a scenario with an ASA 5520 to get it to authenticate VPN users against an Active Directory environment plus allow management access as well. I created a Dynamic Access Policy on the ASA stating that if you are a member of the Active Directory group "Managment" then continue. I changed the DefaultAccessPolicy to "Terminate". So with that, VPN users cannot connect because they are not a member of that group, but the access to manage the ASA is allowed because of that policy.

Is there a way through using Dynamic Access Policies that I can allow management access (SSH, ASDM, etc) by matching to a group membership and will allow normal users to VPN in successfully but not allow them access to managing the ASA?

I'm just trying this out but it seems like I should be able to swing this?

Thanks in advance.

Accepted Solutions

andamani
Cisco Employee

Hi,

You can try applying DAP and configuring the Network ACL Filter, thus allowing them only the protocols you wish them to have access to.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
