
ASA 5525 Group Policy Sprawl

ja1724
Level 1

We are running into an issue that I'm sure others have encountered. Here is a brief summary:

Group Policy A contains hosts A, B & C

User 1 needs access to hosts A, B, & C so he is mapped to Group Policy A

User 2 needs access to only host B so another group policy is created (Group Policy B containing host B) and this user is mapped to Group Policy B

User 3 needs access to hosts A & C so another group policy is created (Group Policy C containing hosts A & C) and this user is mapped to Group Policy C.

With nearly 200 users this approach is maddening (we have almost as many group policies now). Looking for a much cleaner and more efficient way to do this. Last I checked Cisco didn't support nested policies so that's out.

Very frustrated.

Thanks in advance for any help that can be provided.

Jim A.

1 Reply

Hi @ja1724 

How do you authenticate the users? If you used a RADIUS server, you can dynamically apply a DACL to each user/group. Only 1 group-policy required on ASA, obviously multiple authorisation rules on the RADIUS server.


HTH
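
The approach suggested in the reply, sketched as an added example that is not part of the original thread: a script that turns a user-to-host access matrix into per-user RADIUS reply attributes, so the ASA keeps one group policy and the RADIUS server carries the per-user access. It assumes the ACEs are delivered as `Cisco-AVPair` values of the form `ip:inacl#N=...` (a named downloadable ACL from a server such as ISE is the other common delivery); the host addresses, user names and `ACL-` profile names are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed sample data (documentation addresses), mirroring users 1-3 in the post.
HOSTS = {"A": "192.0.2.10", "B": "192.0.2.20", "C": "192.0.2.30"}
ACCESS = {
    "user1": {"A", "B", "C"},
    "user2": {"B"},
    "user3": {"A", "C"},
    "user4": {"C", "A"},  # same access as user3, so it reuses that profile
}

def build_profiles(access, hosts):
    """Return (profiles, assignment): one ACE list per distinct host set."""
    profiles, assignment = {}, {}
    for user in sorted(access):
        names = set(access[user])
        unknown = names - set(hosts)
        if unknown:
            raise ValueError(f"{user}: unknown hosts {sorted(unknown)}")
        if not names:
            # A reply carrying no ACEs would leave the session unfiltered by
            # this mechanism, so refuse instead of emitting an empty profile.
            raise ValueError(f"{user}: empty host set")
        key = "ACL-" + "-".join(sorted(names))  # hypothetical profile name
        assignment[user] = key
        if key not in profiles:
            ips = sorted(ip_address(hosts[n]) for n in names)
            # Permit only the listed hosts; the ACL's implicit deny covers the rest.
            profiles[key] = [
                f"ip:inacl#{i}=permit ip any host {ip}"
                for i, ip in enumerate(ips, 1)
            ]
    return profiles, assignment

def render(profiles, assignment):
    """Format each user's reply attributes as readable text for review."""
    out = []
    for user, key in sorted(assignment.items()):
        out.append(f"{user}  # profile {key}")
        out.extend(f'    Cisco-AVPair += "{ace}"' for ace in profiles[key])
    return "\n".join(out)

if __name__ == "__main__":
    print(render(*build_profiles(ACCESS, HOSTS)))
```

The number of profiles grows with the number of distinct host sets rather than with the number of users, which is what removes the one-group-policy-per-user pattern.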