11-04-2015 02:33 AM - edited 02-21-2020 08:32 PM
Hi,
I have a question about something I'm not sure a Cisco ASA set up with L2TP/IPsec can accomplish.
Right now I have a Cisco ASA setup for L2TP over IPSec with LDAP authentication working. We are also using a pre-shared key.
What I want is to set up different group policies on the Cisco ASA that are mapped to a particular LDAP group. These group policies will have different split tunnel lists (or filters) for what networks that user can access based on the group they are assigned to.
I know this is possible with SSL VPN and Client IPSec.
Is this possible with a L2TP/IPsec setup on a Cisco ASA? If so, what configuration do I need to accomplish this?
Thank you!
-rya
11-08-2015 09:04 PM
Hi Rya,
Yes, this would be possible using the LDAP mapping feature. Check the document below for configuration and guide.
Hope it helps
-Randy-
11-17-2015 01:17 PM
Hi Rya,
I'm just testing L2TP/IPsec/LDAP with ASA 9.5(1) and it sends no LDAP requests which seems to be a bug. What is your software version? I need a working (not very old) version.
Thanks,
Péter
01-09-2016 02:10 PM
OK, the reason it did not send any requests was that the client and the ASA could not negotiate a common PPP auth protocol over L2TP (CHAP or PAP or MSCHAPv2...).
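Added example, not part of any post in this thread: one way to configure the LDAP attribute mapping discussed above on an ASA terminating L2TP/IPsec, with each directory group mapped to a group policy that carries its own ASA-enforced filter. It assumes Active Directory `memberOf` values and the DefaultRAGroup tunnel group; every name, address and DN is a placeholder. PPP authentication is pinned to PAP because that is the method the ASA can validate against an LDAP server, so the password is protected only by the IPsec layer.

```cisco
! Constructed example: all names, addresses and DNs are placeholders.
! Filters are written with the VPN client pool as source, internal net as destination.
access-list FILTER-ENG extended permit ip 10.99.0.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list FILTER-FIN extended permit ip 10.99.0.0 255.255.255.0 10.10.30.0 255.255.255.0

! Default policy for users who match no mapped LDAP group: no logins allowed.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol l2tp-ipsec

group-policy GP-ENG internal
group-policy GP-ENG attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol l2tp-ipsec
 vpn-filter value FILTER-ENG

group-policy GP-FIN internal
group-policy GP-FIN attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol l2tp-ipsec
 vpn-filter value FILTER-FIN

! Map the LDAP memberOf attribute to the ASA Group-Policy attribute.
ldap attribute-map L2TP-GROUP-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Eng,OU=Groups,DC=example,DC=com" GP-ENG
 map-value memberOf "CN=VPN-Fin,OU=Groups,DC=example,DC=com" GP-FIN

! Attach the map to the existing LDAP server definition.
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-attribute-map L2TP-GROUP-MAP

tunnel-group DefaultRAGroup general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy GP-NOACCESS

! Offer only PAP so the client and the ASA agree on a method LDAP can verify.
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 no authentication chap
 no authentication ms-chap-v1
 no authentication ms-chap-v2
```

`debug ldap 255` during a test login shows whether a bind request is sent and which `memberOf` value was mapped; `show vpn-sessiondb detail ra-ikev1-ipsec` shows the group policy and filter applied to the session.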