Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
601
Views
0
Helpful
1
Replies

Dynamic Access Policy VPN & Management Access

Go to solution
Michael All
Beginner
Beginner

‎06-09-2011 12:20 PM - edited ‎03-10-2019 06:09 PM

Hello everyone,

I'm testing out a scenerio with an ASA 5520 to get it to authenticate VPN users against and Active Directory environment plus allow management access as well. I created a Dynamic Access Policy on the ASA stating that if you are a member of the Active Directory group "Managment" the continue. I chagned the DefaultAccessPolicy to "Terminate". So with that, VPN users cannot connect because they are not a member of that group, but the access to manage the ASA is allowed because of that policy.

Is there a way through using Dynamic Access Policies that I can allow management access (SSH, ASDM, etc) by matching to a group membership and will allow normal users to VPN in successfully but not allow them access to managing the ASA?

I'm just trying this out but it seems like I should be able to swing this?

Thaks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andamani
Cisco Employee
Cisco Employee

‎06-12-2011 12:45 AM

Hi,

You can try applying DAP and configure the Network ACL Filter. thus allowing them only the protocols you wish them to have access.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
andamani
Cisco Employee
Cisco Employee

‎06-12-2011 12:45 AM

Hi,

You can try applying DAP and configure the Network ACL Filter. thus allowing them only the protocols you wish them to have access.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents