Solved: ASA5505 - Connection profile based on Active Directory group membership?

Steffen Frederiksen · ‎07-04-2013

Hi

We are using a ASA5505 for clientless webbased SSL VPN connections.

Today I have only one connection profile with AAA authentication pointing to a RADIUS server in my Active Directory. To that connection profile is there a Group Policy assigned - and to that Group Policy there is some bookmarks assigned for the webvpn.

I would like to have different bookmarks for webvpn/clientless vpn users, based on their group membership in Active Directory - is that possible?

Like you have to be mener of a specific AD group to be allowed access to a specfic connection profile on the ASA?

Or is there another solution to accomplice this goal "differnet bookmarks based on AD group membership"

Best Regards, Steffen.

Karsten Iwen · ‎07-04-2013

There are different ways to do that. The probably easiest is to keep your one connection-profile and to configure different group-policies for your user-groups. On the RADIUS-server you configure different rules that match on the internal AD group-membership. In the radius-profile you assign the right group-policy with the RADIUS atribute 25 whis is named the class-attribute.

Sent from Cisco Technical Support iPad App

View solution in original post

Karsten Iwen · ‎07-04-2013

There are different ways to do that. The probably easiest is to keep your one connection-profile and to configure different group-policies for your user-groups. On the RADIUS-server you configure different rules that match on the internal AD group-membership. In the radius-profile you assign the right group-policy with the RADIUS atribute 25 whis is named the class-attribute.

Sent from Cisco Technical Support iPad App

Steffen Frederiksen · ‎07-05-2013

Thanks