11-29-2021 10:14 PM
Hi Engineers,
I have a VPN problem. We use AnyConnect VPN on an ASA at corp, but there is a single problem. I connected the ASA to LDAP and created a single group for VPN users. At VPN authentication time, ALL domain users pass authentication in AnyConnect with an AD user. But I want only members of the single CN=VPN Users group to be able to connect to the AnyConnect VPN.
Thanks.
ldap attribute-map eManat-Attribute
 map-name memberOf IETF-Radius-Class
 map-value memberOf CN=VPN Users,OU=VPN,DC=modenis,DC=local
aaa-server AD protocol ldap
 ldap-base-dn DC=xxx,DC=local
 ldap-group-base-dn CN=VPN Users,OU=VPN,DC=xxx,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn ldap@xxx.local
 ldap-attribute-map Attributename
 ldap-base-dn DC=xxx,DC=local
 ldap-group-base-dn CN=VPN Users,OU=VPN,DC=xxx,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn ldap@xxx.local
 ldap-attribute-map Attributename
tunnel-group Employees type remote-access
tunnel-group Employees general-attributes
 address-pool GP-IT-Infrastructure
 authentication-server-group AD
 default-group-policy Employees
tunnel-group Employees webvpn-attributes
 group-alias Employees enable
group-policy Employees internal
group-policy Employees attributes
 banner value Dear Employees, Welcome to Corporate internal Network. Have a nice day!!!
 dns-server value 172.20.10.21 172.20.10.22
 vpn-tunnel-protocol ssl-client
 group-lock value Employees
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN-ACCESS-ALL
 address-pools value GP-IT-Infrastructure
11-29-2021 11:47 PM
@Xayyam.Gojayev You need a NOACCESS group-policy that is applied to users when they are not a member of any of the LDAP groups. Refer to the link below.
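The NOACCESS approach from the reply above, written out against the configuration in the question. This is an added example, not configuration from either poster: the policy name NOACCESS comes from the reply, while the interface name `inside` and the `<dc-address>` placeholder are assumptions.

```cisco
! Added example. <dc-address> and the interface name "inside" are
! placeholders/assumptions; neither appears in the thread.

! 1. Catch-all policy: zero simultaneous logins means every session that
!    lands in this policy is refused after authentication.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! 2. Users who match no map-value fall back to the tunnel-group default,
!    so the default must be the deny policy rather than Employees.
tunnel-group Employees general-attributes
 authentication-server-group AD
 default-group-policy NOACCESS

! 3. Map the one allowed AD group to the real policy. The DN is quoted
!    because "VPN Users" contains a space; the final word is the name of
!    the group-policy assigned to members of that group.
ldap attribute-map eManat-Attribute
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN Users,OU=VPN,DC=xxx,DC=local" Employees

! 4. Attach the map, by the same name it was defined with, on every
!    LDAP host entry of the server group.
aaa-server AD protocol ldap
aaa-server AD (inside) host <dc-address>
 ldap-attribute-map eManat-Attribute

! 5. Check the result: during a login attempt, "debug ldap 255" prints the
!    memberOf values returned by AD and the policy each one was mapped to.
```

The `memberOf` attribute lists only direct group memberships, so a user who reaches VPN Users through a nested group matches no map-value and lands in NOACCESS.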
12-01-2021 12:53 AM
Hi @Rob Ingram, thanks for this solution. It works.
11-30-2021 07:10 AM
follow