06-09-2011 12:20 PM - edited 03-10-2019 06:09 PM
Hello everyone,
I'm testing out a scenario with an ASA 5520 to get it to authenticate VPN users against an Active Directory environment plus allow management access as well. I created a Dynamic Access Policy on the ASA stating that if you are a member of the Active Directory group "Managment" then continue. I changed the DefaultAccessPolicy to "Terminate". So with that, VPN users cannot connect because they are not a member of that group, but the access to manage the ASA is allowed because of that policy.
Is there a way through using Dynamic Access Policies that I can allow management access (SSH, ASDM, etc) by matching to a group membership and will allow normal users to VPN in successfully but not allow them access to managing the ASA?
I'm just trying this out but it seems like I should be able to swing this?
Thanks in advance.
06-12-2011 12:45 AM
Hi,
You can try applying DAP and configure the Network ACL Filter, thus allowing them only the protocols you wish them to have access.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.