We recently discovered that AnyConnect is allowing unauthorized users to connect. We use LDAP strings to establish authorization. I tried setting up dynamic-access-policies to restrict authorization to the LDAP strings but even with the permit and th...
I have over 130 devices where AnyConnect is permitting any domain user to log in. We have an LDAP string configured but logins aren't being restricted to the AD security group in the LDAP string. My devices include FP2110 (ASA not FTD), ASA 5508 and 5...
I've been going round and round with this. I installed a wildcard certificate on an ASA. Then I exported the certificate to a pfx but I'm unable to import it on another ASA. I have an open TAC case and the tech tried all the same things I did. I am ...
A co-worker asked me if it is possible to clear only one line of an access-list on an ASA. I've never had the need to do that but I'm curious now. Can it be done?
We are having an issue with intermittent slowness when accessing load balanced servers behind an F5. I was wondering if anyone could explain why when I use certain types of NAT, the issue is resolved. I've tried every type of NAT there is. When I use...
You can use the test function with aaa commands to get the correct LDAP string case. Thank you so much for the tip, Rob. One would think that the case wouldn't matter, especially when it previously worked. IT DOES MATTER THOUGH!
Sorry for the late reply, Rob. I've had my hands full. I also noticed it wasn't picking up the group-policy and I was actually trying to log in. Here's the LDAP string from the configuration. I'll ask my customer for the exact LDAP string to make sure m...
Reposting the LDAP string. It is as you asked now.

    ldap attribute-map ANYCONNECT
      map-name memberOf Group-Policy
      map-value memberOf cn=AC-VPN,cn=users,dc=xxx,dc=xxxxx ANYCONNECT_GP