
ASA AnyConnect LDAP/Base DN and client profiles

AyoubC
Level 1

Hello Sec GURUs, 

I have two different questions please: 

1- I'm using AnyConnect with an LDAP server (AD) to fetch the users' AD creds. Everything works fine as long as I'm pointing the LDAP server at DC=companyname, DC=domaine, DC=com. Once I adjust the Base DN to narrow it down to the OU group (CN=engineering, OU=remoteusers, DC=companyname, DC=domaine, DC=com), the AnyConnect users fail to connect. Am I missing another parameter? Please guide me on how I can do that.

 

2- Is there a way to use a ClientProfile to control the following: make the AnyConnect "Disconnect" button grayed out after a user connects. Also, I want to restrict the user's machine from accessing the internet until the user connects his AnyConnect VPN.

 

THANKS!!!

19 Replies

AyoubC
Level 1

@Rob Ingram that was the last piece of the puzzle. You're right, it seems that after mapping the correct group policy, it inherits along with that vpn-simultaneous-logins "0" from the default policy-group (NO ACCESS).

Attribute mapping works like a charm now, I'll create now more groups and perform more tests.

 

Glad your issue is solved,
and you are so so welcome.
@Rob Ingram  thanks again for clarifying the default group-policy. 

AyoubC
Level 1

Thank you @MHM Cisco World , 

One more question: I'm a fan of ASDM, and I'm wondering where I can find "vpn-simultaneous-logins", or is it a CLI command only?

@AyoubC it's a setting defined under the group-policy and is configurable via ASDM. Here is an example:

300-735-Part-04-Q03-026.jpg

AyoubC
Level 1

Sounds great ! 
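
An added example, not taken from any post in this thread: a sketch of the ASA CLI for the setup discussed above, where an LDAP attribute map assigns a group-policy by AD group membership and the default group-policy denies access with `vpn-simultaneous-logins 0`. The object names (LDAP-AD, AD-GROUP-MAP, NOACCESS, GP-ENGINEERING, VPN-USERS), the server address, the service-account DN and the login limit of 3 are assumptions; the group DN is the one from the original question.

```cisco
! Added example. All object names and the server address are hypothetical.
!
! Map the AD memberOf attribute to an ASA group-policy name.
ldap attribute-map AD-GROUP-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=engineering,OU=remoteusers,DC=companyname,DC=domaine,DC=com" GP-ENGINEERING
!
! LDAP server: the Base DN stays at the domain root so every user object
! is searchable; access is narrowed by the attribute map, not the Base DN.
aaa-server LDAP-AD protocol ldap
aaa-server LDAP-AD (inside) host 192.0.2.10
 ldap-base-dn DC=companyname,DC=domaine,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-asa,OU=service,DC=companyname,DC=domaine,DC=com
 ldap-login-password <service-account-password>
 server-type microsoft
 ldap-attribute-map AD-GROUP-MAP
!
! Default policy: users whose memberOf matches no map-value land here
! and are refused, because zero simultaneous logins are allowed.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Mapped policy: set the value explicitly. Left unset, the attribute is
! inherited and the "0" described in the thread blocks mapped users too.
group-policy GP-ENGINEERING internal
group-policy GP-ENGINEERING attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client
!
tunnel-group VPN-USERS type remote-access
tunnel-group VPN-USERS general-attributes
 authentication-server-group LDAP-AD
 default-group-policy NOACCESS
```

`show running-config all group-policy GP-ENGINEERING` lists the policy with its defaulted values included, which makes an unintended `vpn-simultaneous-logins` value visible before testing with a real user.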
