Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
570
Views
0
Helpful
1
Replies

Microsoft NPS and ASA AAA

Phil Bradley
Level 4
Level 4

‎10-06-2015 08:41 AM - edited ‎03-10-2019 11:07 PM

I have implemented Microsoft NPS and AAA on my Cisco ASA for vpn users and this is working with no issues. The next step I would like to take is use Microsoft NPS for level 15 access to my ASA for management. I did add this in the ASA but it allows any user access to the full command set. I did read where I need to pass service parameters down to the ASA but it appears by default access is wide open. Can I have multiple network polices for vpn users and network managers?

Labels:
0 Helpful
1 Reply 1

Phil Bradley
Level 4
Level 4

‎10-12-2015 04:52 AM

I switched over to LDAP and I am using the ldap attribute map which appears to accomplish what I need. The only issue that I have come across during testing is with users that don't have an attribute come across in the LDAP query. I was testing with the memberOf attribute and when users are not a member of any group then they are allowed ASDM full access. If they are a member of a group that I don't have defined then everything works fine. I am mapping memberOf to privilege level.

0 Helpful
Customers Also Viewed These Support Documents