Hi!
I have the following problem. I would like to use AnyConnect access with an LDAP/AD connection on an ASA 5515 (9.9(1)2).
I also have everything running, i.e. LDAP attribute maps etc.
For example, you dial in via "vpn.blablabla.com/access1" as User1, who must be in a certain OU in the AD. Only User1 is able to dial in, and he can use split tunneling and extended ACLs to certain components on port XY.
It works just fine.
BUT now there is another access ("vpn.blablabla.com/access2"), which I have set up exactly the same way as the above, only here, of course, with another OU containing User2, other destinations in the inside network and a separate attribute map.
The access itself works too, but not only for User2: unfortunately User1 can log in here as well, even though he is in a completely different OU.
I have already made various attempts to understand what is going wrong here, but I cannot figure it out.
For example: https://www.petenetlive.com/KB/Article/0001152
I also tried the whole thing with Dynamic Access Policies, which looked very good at first, until I realized that the DAP applies globally and that all other accesses were no longer usable.
Any idea? Is this an ASA issue? Can't the ASA do that?
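An added configuration example, not taken from the post above or from Cisco documentation, showing one way of binding each group-url to its own OU on an ASA: every tunnel-group gets its own LDAP aaa-server whose base DN covers only that OU (so a user outside it is not even found), its own attribute map that maps the OU's group to the tunnel-group's group-policy, a default-group-policy that allows zero simultaneous logins (so a user whose memberOf does not match anything gets no session), and a group-lock that ties the group-policy to its tunnel-group. All names, DNs, addresses, ports and ACLs are placeholders I assumed for the example; the split-tunnel list and vpn-filter are placeholders for the "certain components with port XY" in the post.

```text
! Placeholder names, DNs and addresses; adapt to your own environment.

! --- Attribute maps: one per access, mapping the OU's AD group to a group-policy ---
ldap attribute-map LDAP-MAP-ACCESS1
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Access1,OU=Access1,DC=blablabla,DC=com" GP-ACCESS1

ldap attribute-map LDAP-MAP-ACCESS2
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Access2,OU=Access2,DC=blablabla,DC=com" GP-ACCESS2

! --- LDAP servers: one per access, base DN restricted to that access's OU ---
aaa-server LDAP-ACCESS1 protocol ldap
aaa-server LDAP-ACCESS1 (inside) host 192.0.2.10
 ldap-base-dn OU=Access1,DC=blablabla,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-ldap,OU=Service,DC=blablabla,DC=com
 ldap-login-password <service-account-password>
 server-type microsoft
 ldap-attribute-map LDAP-MAP-ACCESS1

aaa-server LDAP-ACCESS2 protocol ldap
aaa-server LDAP-ACCESS2 (inside) host 192.0.2.10
 ldap-base-dn OU=Access2,DC=blablabla,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-ldap,OU=Service,DC=blablabla,DC=com
 ldap-login-password <service-account-password>
 server-type microsoft
 ldap-attribute-map LDAP-MAP-ACCESS2

! --- Deny-by-default policy: a user whose group is not mapped lands here ---
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! --- Per-access policies: split tunnel, vpn-filter, locked to their tunnel-group ---
! vpn-filter entries are written from the VPN client towards the inside network.
access-list SPLIT-ACCESS1 standard permit 10.10.1.0 255.255.255.0
access-list VPN-FILTER-ACCESS1 extended permit tcp any host 10.10.1.20 eq 3389
access-list VPN-FILTER-ACCESS1 extended deny ip any any

group-policy GP-ACCESS1 internal
group-policy GP-ACCESS1 attributes
 vpn-tunnel-protocol ssl-client
 vpn-simultaneous-logins 3
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ACCESS1
 vpn-filter value VPN-FILTER-ACCESS1
 group-lock value TG-ACCESS1

access-list SPLIT-ACCESS2 standard permit 10.10.2.0 255.255.255.0
access-list VPN-FILTER-ACCESS2 extended permit tcp any host 10.10.2.20 eq 22
access-list VPN-FILTER-ACCESS2 extended deny ip any any

group-policy GP-ACCESS2 internal
group-policy GP-ACCESS2 attributes
 vpn-tunnel-protocol ssl-client
 vpn-simultaneous-logins 3
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ACCESS2
 vpn-filter value VPN-FILTER-ACCESS2
 group-lock value TG-ACCESS2

! --- Tunnel-groups: each authenticates against its own LDAP server, defaults to NOACCESS ---
tunnel-group TG-ACCESS1 type remote-access
tunnel-group TG-ACCESS1 general-attributes
 authentication-server-group LDAP-ACCESS1
 default-group-policy NOACCESS
tunnel-group TG-ACCESS1 webvpn-attributes
 group-url https://vpn.blablabla.com/access1 enable

tunnel-group TG-ACCESS2 type remote-access
tunnel-group TG-ACCESS2 general-attributes
 authentication-server-group LDAP-ACCESS2
 default-group-policy NOACCESS
tunnel-group TG-ACCESS2 webvpn-attributes
 group-url https://vpn.blablabla.com/access2 enable
```

With this layout, three independent things keep User1 out of access2: the LDAP search for User1 under OU=Access2 returns nothing, so authentication fails before any policy is evaluated; if the base DN were wider, User1's memberOf matches nothing in LDAP-MAP-ACCESS2 and he inherits NOACCESS, whose vpn-simultaneous-logins 0 refuses the session; and even if a shared map handed him GP-ACCESS1, the group-lock rejects that policy on TG-ACCESS2. To check each layer from the CLI, run `test aaa-server authentication LDAP-ACCESS2 host 192.0.2.10 username User1 password <pw>` (it should fail) and, while connecting, `debug ldap 255` to see which memberOf values were returned and which group-policy the attribute map assigned.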