
ASA5520 Restrict Users based on LDAP/AD group to certain ACLs or IP Pool?

johnsmunoz
Level 1

I'd like to be able to give different users access to different subnets either by an ACL or by putting them into particular address pools based on their LDAP membership. Is this possible? Most of the documentation I've been able to find is just to give access or deny access to the VPN itself.

1 Reply

Collin Clark
VIP Alumni

Yeah, that's not a problem. Easiest way (IMO) is to map LDAP group to ASA Group Policy.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html
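
A sketch of the LDAP-group-to-group-policy mapping the reply describes, added here as an example and not taken from the thread or the linked document. It assumes an LDAP `aaa-server` group is already defined; every name, DN and address (LDAP-AD, GP-ENG, NOACCESS, RA-VPN, the pools and subnets) is a constructed placeholder.

```cisco
! Constructed example: all names, DNs and addresses are placeholders.
! 1. Per-group address pool and filter ACL.
!    In a vpn-filter ACL the VPN client side is the source.
ip local pool POOL-ENG 10.10.10.1-10.10.10.254 mask 255.255.255.0
access-list ACL-ENG extended permit ip 10.10.10.0 255.255.255.0 10.20.0.0 255.255.0.0

! 2. Group policy that ties the pool and the ACL together.
group-policy GP-ENG internal
group-policy GP-ENG attributes
 vpn-filter value ACL-ENG
 address-pools value POOL-ENG

! 3. Deny-by-default policy for users whose memberOf matches no map-value.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! 4. Map the AD group DN to the group policy name.
!    IETF-Radius-Class is the attribute that carries the group policy;
!    check your release's documentation, as some use the name Group-Policy.
ldap attribute-map AD-GROUP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=Engineering,OU=Groups,DC=example,DC=com" GP-ENG

! 5. Attach the map to the existing LDAP server (host is a placeholder).
aaa-server LDAP-AD (inside) host 192.0.2.10
 ldap-attribute-map AD-GROUP-MAP

! 6. The tunnel group authenticates against LDAP and defaults to NOACCESS,
!    so only mapped groups get a usable policy.
tunnel-group RA-VPN general-attributes
 authentication-server-group LDAP-AD
 default-group-policy NOACCESS
```

The `map-value` string must match the group's distinguished name exactly as the directory returns it, and `debug ldap 255` shows the attributes received and the mapping applied during a test login.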