03-11-2019 03:13 AM
03-11-2019 04:55 AM
Hope this information helps you (if not, please tell us what is not working, so we can assist better).
03-13-2019 05:30 PM
Hi Sir,
Apologies, there is a change of plans. Here is the scenario below.
I created 2 AAA Server Groups:
1) RemoteEmployees - For Employees only VPN
2) RemoteVendors - For Vendors only VPN
Now I have created 2 AnyConnect Connection Profiles:
1) Employees - authentication method is through LDAP and DAP, and it is now working with NO problem.
2) Vendors - for this one, I want the authentication method to be via LOCAL Users in ASA ASDM.
I will now focus my attention on Vendors, since this is my main concern.
1) I want to create an address pool for Vendors only, so that when they log in, the address they get is from the address pool I assigned to it.
(I already made this, but they are still getting the same IP addresses as the Employees.)
2) I want to use the local authentication that has been set up inside the ASA ASDM as Local Users.
(I have already done this by changing the authentication method of the AnyConnect connection profile to LOCAL, but when I tried logging in using the credentials I created in LOCAL USERS it says "LOGIN DENIED".)
I hope this explains everything that I need right now.
I am trying to make my firewall more secure and less complicated, so if you can help me with this, that would be very great and much appreciated. If possible, less CLI and more ASDM, as I am not yet an expert.
Thank you so much.
03-13-2019 11:20 PM
OK, to summarise your requirement:
1. You have 2 VPN groups, and each group requires a different IP address pool. Here is a link with examples of assigning a different pool based on VPN group:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/vpnadd.html
2. You have 2 VPN groups: you have a working solution for 1 group against LDAP, and the other group is not working using Local.
For this, you need to check the group you want to authenticate locally: is its authentication bound to local?
If yes, we need to check the detailed logs in the ASA to see why it is failing.
Example of 2 different authentication methods for 2 groups, explained as below:
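An added example, not part of the thread and not Cisco tooling: a Python check that reads the tunnel-group general-attributes blocks from `show running-config` style text and reports connection profiles that share an address pool or have none, which is the symptom described for the Vendors profile. The sample config, pool names and group-policy names are constructed, and pools set under a group policy are not inspected.

```python
import re
from collections import defaultdict

# Constructed sample in ASA running-config syntax (all names and addresses are made up).
# Vendors mirrors the thread's symptom: it still points at the Employees pool.
SAMPLE_CONFIG = """\
ip local pool EMP_POOL 10.10.10.10-10.10.10.200 mask 255.255.255.0
ip local pool VENDOR_POOL 10.10.20.10-10.10.20.50 mask 255.255.255.0
tunnel-group Employees general-attributes
 address-pool EMP_POOL
 authentication-server-group RemoteEmployees
 default-group-policy GP_Employees
tunnel-group Vendors general-attributes
 address-pool EMP_POOL
 authentication-server-group LOCAL
 default-group-policy GP_Vendors
"""

HEADER = re.compile(r"^tunnel-group (\S+) general-attributes\s*$")
KEYS = ("address-pool", "authentication-server-group", "default-group-policy")

def parse_tunnel_groups(config):
    """Return {connection_profile: {setting: first_value}} from general-attributes blocks."""
    groups, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = groups.setdefault(m.group(1), {})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the indented sub-mode
        elif current is not None:
            parts = line.split()
            if len(parts) >= 2 and parts[0] in KEYS:
                current[parts[0]] = parts[1]
    return groups

def audit(config):
    """Flag profiles with no explicit pool or a pool shared with another profile."""
    groups = parse_tunnel_groups(config)
    users = defaultdict(list)
    for name, cfg in groups.items():
        users[cfg.get("address-pool")].append(name)
    findings = []
    for pool, names in users.items():
        if pool is None:
            findings += [f"{n}: no address-pool set on the connection profile" for n in names]
        elif len(names) > 1:
            findings.append(f"pool {pool} is shared by {', '.join(sorted(names))}")
    return groups, findings
```

Calling `audit()` on saved running-config text returns the parsed per-profile settings together with the list of findings, so the Vendors profile can be confirmed to use LOCAL authentication and its own pool after a change in ASDM.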
03-14-2019 06:14 PM - edited 03-14-2019 06:18 PM
Hi Sir,
I have tried the steps but still no luck.
I have attached an image of my AAA Server Group, connection profile for the vendor side, Group Policy, and Address Pools for your reference.
One more thing: I have tried deleting 1 unused AAA server group, but when I click Apply it gives me an error. I have also attached the screen cap for the error.