cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1466
Views
0
Helpful
4
Replies

Configure Anyconnect with LDAP Authentication with multiple server groups

Herald Sison
Participant
Participant
Hi Everyone, i am pretty new to Cisco Any Connect. I have a problem with my LDAP-DAP authenticaiton. actually it is working now but my question is how to configure if i have 2 Groups/AnyConnect Profile in my Anyconnect and it should map to 2 different AD Security Groups. i am using CiscoASA 5508 via ASDM. I have this settings below: Employee Anyconnect Groups = RemoteUsers AD security group Vendor Anyconnect Groups = VendorMgmt AD security group when i am using any user from any of the groups i can successfully login to any of the 2 Anyconnect Groups. What i want to achieve is Employee should only authenticate RemoteUsers and Vendor should only authenticate VendorMGmt. Hope i can fix this problem soon. Thank you everyone,
4 Replies 4

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

Hope this information helps you : (if not please tell us what is not working, so we can assist better)

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Sir,

Apologies, there is a change of plans. Here is the scenario below.

 

I created 2 AAA Server Groups:

1) RemoteEmployees - For Employees only VPN 

2) RemoteVendors - For Vendors only VPN

 

now i Have created 2 AnyConnect Connection Profiles

1) Employees - authentication method is through LDAP and DAP and is now working with NO problem.

2) Vendors - now, i want to have this authentication method via LOCAL Users in ASA ASDM.

 

Now i will focus my attention now in Vendors since this is what my most concern.

1) i want to create an address pool for Vendors only so that when they login the address they get is from the address pool i assigned to it.

 

(i already made this but still getting IP address the same as the Employees)

 

2) i want to use the local authentication that has been made inside the ASA ASDM as Local Users.

 

(i have already made this by changing the authentication method of the anyconnect connection profiles to LOCAL, but when i tried logging in using the credentials i created in LOCAL USERS it says "LOGIN DENIED")

 

I Hope this explains everything that i need right now.

 

I am trying to make my firewall more secure and less complicated so please if you can help me with this that would very great and much appreciated. if possible less CLI and more on ASDM as i am not yet an expert.

 

Thank you so much.

 

 

ok Summarise your requirement

.

1. You have 2 VPN Groups each group required different IP address Pool here is the link for that assign a different pool based on VPN Groups examples :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/vpnadd.html

 

2. You have 2 VPN Groups you have working solution for 1 Groups against LDAP, other group not working using Local.

 

in this you need to check the group you want to authenticate local, is that binded the authentication using local ? 

if yes we need to check the details logs in ASA why it failing.

 

example for 2 different authentication for 2 groups explain as below  :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_aaa.html#wpxref29264

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/vpn-groups.pdf

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Sir,

 

i have tried the steps but still no luck.

i have attached an image of my AAA Server Group, conection profile for the vendor side, Group Policy, Address Pools for your reference.

 

and 1 more thing i have tried deleting 1 unused AAA server group but when i click apply it gives me an error. i have also attached the screen cap for the error.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers