03-09-2017 07:57 AM - edited 03-12-2019 02:02 AM
Could someone please tell me if it is possible for remote vpn users (anyconnect users) that authenticated using LDAP in full tunneling mode are redirected to sfr module and then hitting the same access rule when those users connected through LAN? As I know, the user agent only monitor the login events of domain controller, but the ip-user mapping of vpn users will not be populated within the login events, right?
Thanks in advance.
Solved! Go to Solution.
03-11-2017 01:25 AM
From my understanding this is not possible with the user agent since it only parses the security log for login events and you wont see a logon event with your assigned anyconnect ip address but the radius client / ldap client which is ASA itself.
If you need identity integration for AnyConnect, ISE would be the solution of choice.
03-11-2017 01:25 AM
From my understanding this is not possible with the user agent since it only parses the security log for login events and you wont see a logon event with your assigned anyconnect ip address but the radius client / ldap client which is ASA itself.
If you need identity integration for AnyConnect, ISE would be the solution of choice.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: