03-09-2017 07:57 AM - edited 03-12-2019 02:02 AM
Could someone please tell me if it is possible for remote VPN users (AnyConnect users) that authenticated using LDAP in full tunneling mode to be redirected to the SFR module and then hit the same access rule as when those users connect through the LAN? As far as I know, the user agent only monitors the login events of the domain controller, but the IP-user mapping of VPN users will not be populated within the login events, right?
Thanks in advance.
03-11-2017 01:25 AM
From my understanding, this is not possible with the user agent, since it only parses the security log for login events, and you won't see a logon event with your assigned AnyConnect IP address but with the RADIUS client / LDAP client, which is the ASA itself.
If you need identity integration for AnyConnect, ISE would be the solution of choice.