09-09-2020 03:17 PM
Hello,
We have 3 ASAs (Cisco ASA 5516-X Threat Defense 6.2.3.4) administered by an FMC.
Users connect to VPN via Cisco AnyConnect, with Active Directory authentication.
We want to allow connection only for an AD group. Currently, all domain users can authenticate on Cisco AnyConnect and this is a security issue. The initial configuration of Cisco AnyConnect is complete (IPv4 pool, certificates …).
We have a Realm set up with our AD servers:
Our AD base looks like:
DC=corp,DC=com
And we want to allow connection only for this AD group: CN=GRP-VPN,CN=Users,DC=corp,DC=com
Can you explain the procedure to us?
Thank you in advance for your help
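To make concrete what "only members of CN=GRP-VPN may log in" means at the directory level, here is an added, self-contained illustration written for this page. It is not Cisco FTD/FMC configuration and not code from the poster or from Cisco; it evaluates the standard LDAP search filter (RFC 4515 subset) that a group-restricted user lookup would apply, against a constructed sample directory. The directory entries, the helper names and the sAMAccountName-based lookup are assumptions made for the example; only the base DN and the group DN come from the post. The value escaping is included because a username that reaches an LDAP filter unescaped is a classic injection point.

```python
"""Added example (not from the original post): a group-restricted LDAP lookup.

Evaluates RFC 4515 style search filters over a constructed in-memory
directory to show the difference between "any domain user authenticates"
and "only members of CN=GRP-VPN,CN=Users,DC=corp,DC=com authenticate".
"""
import re

VPN_GROUP_DN = "CN=GRP-VPN,CN=Users,DC=corp,DC=com"  # group DN from the post

# Constructed sample data; attribute values are lists because LDAP
# attributes such as memberOf are multi-valued.
SAMPLE_DIRECTORY = {
    "CN=alice,CN=Users,DC=corp,DC=com": {
        "sAMAccountName": ["alice"],
        "memberOf": [VPN_GROUP_DN, "CN=Domain Users,CN=Users,DC=corp,DC=com"],
    },
    "CN=bob,CN=Users,DC=corp,DC=com": {
        "sAMAccountName": ["bob"],
        "memberOf": ["CN=Domain Users,CN=Users,DC=corp,DC=com"],
    },
    "CN=carol,CN=Users,DC=corp,DC=com": {
        "sAMAccountName": ["carol"],
        "memberOf": ["CN=GRP-ADMINS,CN=Users,DC=corp,DC=com"],
    },
}


def escape_filter_value(value):
    """RFC 4515 escaping so user input cannot alter the filter structure."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text):
    """Parse the subset (&...), (|...), (!...), (attr=value) into a tree."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = text[pos]
        if op in "&|":
            pos += 1
            children = []
            while text[pos] != ")":
                children.append(node())
            pos += 1
            return (op, children)
        if op == "!":
            pos += 1
            child = node()
            if text[pos] != ")":
                raise ValueError("unterminated NOT at offset %d" % pos)
            pos += 1
            return ("!", [child])
        end = text.index(")", pos)          # escaped values contain no ')'
        attr, _, value = text[pos:end].partition("=")  # split at first '='
        pos = end + 1
        return ("=", attr, _unescape(value))

    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def matches(entry, node):
    """Evaluate a parsed filter; attribute names and values compare case-insensitively."""
    op = node[0]
    if op == "&":
        return all(matches(entry, c) for c in node[1])
    if op == "|":
        return any(matches(entry, c) for c in node[1])
    if op == "!":
        return not matches(entry, node[1][0])
    attr, value = node[1], node[2]
    for name, values in entry.items():
        if name.lower() == attr.lower():
            return any(v.lower() == value.lower() for v in values)
    return False


def search(directory, filter_text):
    """Return the sorted DNs of entries matching the filter."""
    tree = parse_filter(filter_text)
    return sorted(dn for dn, entry in directory.items() if matches(entry, tree))


def unrestricted_login(directory, username):
    """Today's behaviour: any existing domain account matches."""
    flt = "(sAMAccountName=%s)" % escape_filter_value(username)
    return len(search(directory, flt)) == 1


def vpn_login_allowed(directory, username, group_dn=VPN_GROUP_DN):
    """Desired behaviour: the account must exist AND be a member of the group."""
    flt = "(&(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(username), escape_filter_value(group_dn))
    return len(search(directory, flt)) == 1


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, unrestricted_login(SAMPLE_DIRECTORY, user),
              vpn_login_allowed(SAMPLE_DIRECTORY, user))
```

The two lookup functions differ only in the memberOf clause; in a real deployment the equivalent restriction has to be expressed in the directory query the VPN headend performs, and the username must be escaped before it is interpolated into that query, as escape_filter_value does here. Note that memberOf only reflects direct membership, so users who belong to GRP-VPN through a nested group would not match this filter.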
09-10-2020 05:43 PM
Do you use ISE in your environment? It's the easiest and best way to set up what you are trying to achieve.
09-11-2020 05:05 AM
Hello,
No we do not use ISE.
I did not find a tutorial to restrict Cisco AnyConnect VPN login based on AD Group with AD Realm.
Regards.