Microsoft NPS and ASA AAA

Phil Bradley (Enthusiast)

I have implemented Microsoft NPS and AAA on my Cisco ASA for VPN users and this is working with no issues. The next step I would like to take is to use Microsoft NPS for level 15 access to my ASA for management. I did add this in the ASA, but it allows any user access to the full command set. I did read that I need to pass service parameters down to the ASA, but it appears that by default access is wide open. Can I have multiple network policies for VPN users and network managers?

1 Reply

Phil Bradley (Enthusiast)

I switched over to LDAP and I am using the LDAP attribute map, which appears to accomplish what I need. The only issue that I have come across during testing is with users for whom the attribute does not come back in the LDAP query. I was testing with the memberOf attribute, and when users are not a member of any group they are allowed full ASDM access. If they are a member of a group that I don't have defined, then everything works fine. I am mapping memberOf to privilege level.
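The memberOf-to-privilege-level mapping described in the reply, written out as an added ASA configuration example that is not from this thread or from Cisco. Group DNs, the server address, the bind account and the object names are constructed; the map itself has no default entry, so an account that returns no memberOf value is not covered by it, and the narrowed ldap-base-dn is an assumed way of keeping accounts outside the admin container from authenticating at all.

```cisco
! Added example with constructed names and addresses. Maps AD group membership
! returned in memberOf to the ASA Privilege-Level attribute for management logins.
ldap attribute-map MGMT-PRIV-MAP
 map-name  memberOf Privilege-Level
 ! Full administrative access
 map-value memberOf "CN=ASA-Admins,OU=NetAdmin,DC=example,DC=com" 15
 ! Operators limited to lower-level commands
 map-value memberOf "CN=ASA-Operators,OU=NetAdmin,DC=example,DC=com" 5
!
aaa-server LDAP-MGMT protocol ldap
aaa-server LDAP-MGMT (inside) host 192.0.2.10
 ! Assumption: management accounts live under OU=NetAdmin. Searching only there
 ! means accounts elsewhere in the directory are not found and fail authentication
 ! instead of logging in with no mapped privilege level.
 ldap-base-dn OU=NetAdmin,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <BIND-PASSWORD-PLACEHOLDER>
 server-type microsoft
 ldap-attribute-map MGMT-PRIV-MAP
!
! Authenticate CLI and ASDM sessions against the server above. LOCAL is consulted
! only when the LDAP server cannot be reached, not when it rejects a user.
aaa authentication ssh console LDAP-MGMT LOCAL
aaa authentication http console LDAP-MGMT LOCAL
aaa authentication enable console LDAP-MGMT LOCAL
! Take the privilege level from the server's mapped attribute on login
aaa authorization exec authentication-server auto-enable
! Without command authorization the privilege level restricts nothing; enable it
! so a level 5 operator cannot run commands assigned to level 15
aaa authorization command LOCAL
```

Checking `show aaa-server LDAP-MGMT` after a test login, and a `test aaa-server authentication LDAP-MGMT` run for an account in each group and for one in no group, shows which privilege level (if any) the map actually returned before the config is relied on.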
