Trying to set up dynamic access policy to restrict some users from being able to get on VPN. Our default policy allows everybody on VPN, we just need to exclude a small number of contractors. I created an AD group called NoVPN & put a new test user in...
I have spent the last few hours reading different documents but I am still coming up empty handed. I've got an ASA 5525, has an inside interface & sits at 10.33.1.1. I defined a logical interface with vlan tag 3364 -- sits at 10.33.64.1 (this will be for...
I did try that (see screenshot) but it still isn't being applied correctly. User can still connect & ping local servers. I have a feeling for some reason LDAP is passing the memberof correctly.
I was able to get this working the way I needed it to

interface GigabitEthernet0/2
 description Inside interface
 nameif inside
 security-level 100
 ip address 10.33.1.1 255.255.255.0
!
interface GigabitEthernet0/2.64
 vlan 64
 nameif WiFi
 security-level 100...
I was able to get it working with the following via NAT Exemption.

nat (WiFi,outside) source static obj_10.33.64.0-24 obj_10.33.64.0-24 destination static BLDCorpNetwork BLDCorpNetwork no-proxy-arp
nat (WiFi,outside) source dynamic any interface
It would just be helpful to still be able to use the native vlan because the switches underneath this ASA don't have switchport access vlan configured on any of their ports.