Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
391
Views
0
Helpful
5
Replies

Anyconnect integration with AD using ldap protocol

mohamed.fawzy2012
Level 1
Level 1

‎09-04-2016 05:38 PM - edited ‎02-21-2020 08:57 PM

i have already integrated ASA with Active Directory Using ldap protocol and it is working fine , but now i want to let specific group on Active Directory

allowing to access anyconnect vpn not all AD users

example of AD tree :

Mednet.com

    Group A

          Group B

          Group C

          Group D

so i want only group B can access anyconnect vpn

Labels:
0 Helpful
5 Replies 5

JP Miranda Z
Cisco Employee
Cisco Employee

‎09-04-2016 06:49 PM

Hi mohamed.fawzy2012,

You can use LDAP mapping in order to allow AnyConnect Access depending of an AD group, this link can help you with the common questions and configuration examples:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html

Hope this info helps!!

Rate if helps you!! 

-JP-

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to JP Miranda Z

‎09-05-2016 09:04 AM

I have done an implementation using LDAP mapping as suggested by JP and it worked well. More recently I have done an implementation using Dynamic Access Policy on ASA to check LDAP group membership which is working well. Mapping is perhaps a bit more straightforward to set up and DAP has more flexibility to handle things like membership in multiple groups.

HTH

Rick

HTH

Rick
0 Helpful

mohamed.fawzy2012
Level 1
Level 1
In response to Richard Burts

‎09-05-2016 05:16 PM

how can i implement DAP , kindly provide me with an example 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mohamed.fawzy2012

‎09-05-2016 08:00 PM

Like this:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html

or this:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115947-dap-adv-functions-00.html

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Marvin Rhoads

‎09-06-2016 11:01 AM

You might also want to take a look at this link

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/asdm71/vpn/asdm_71_vpn_config/vpn_asdm_dap.html?referring_site=RE&pos=2&page=http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115947-dap-adv-functions-00.html#62710

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents