I have two groups in my AD, one for our Administrators and one for our Users. I want to configure it so that everyone can use our VPN connection, but I want to restrict it so normal users in the Users group can only access one IP address and our Administrators can access everything. We're using LDAP in our AD and no NPS is installed.
I'm using FMC to configure this but I really don't know how I should progress.
I believe this is not possible with Firepower Threat Defense (FTD) as of today if you use LDAP/AD as the back-end AAA source. Traditionally with ASA, we would use LDAP attribute maps to map AD membership to group-policies and corresponding permissions. Since FTD does not support LDAP attribute maps yet, you would have to use a back-end RADIUS server like NPS to achieve this functionality.