
Cisco AnyConnect authentication via AD group (Realm)

John Doe 973
Level 1

Hello, 

We have 3 ASAs (Cisco ASA 5516-X Threat Defense 6.2.3.4) administered by an FMC.

Users connect to VPN via Cisco AnyConnect, by Active Directory authentication.

 

We want to allow connection only for an AD group. Currently, all domain users can authenticate on Cisco AnyConnect and this is a security issue. The initial configuration of Cisco AnyConnect is complete (ipv4 Pool, certificates …).

 

We have a Realm setup with our AD servers:

[Attached image: Real configuration.PNG]

 

Our AD base looks like:

DC=corp,DC=com

And we want to allow connection only for this AD group: CN=GRP-VPN,CN=Users,DC=corp,DC=com

 

Can you explain the procedure to us?

 

Thank you in advance for your help

2 Replies

Heino Human
Level 1

Do you use ISE in your environment? It's the easiest and best way to set up what you are trying to achieve.

Hello,

No, we do not use ISE.

I did not find a tutorial to restrict Cisco AnyConnect VPN login based on AD Group with AD Realm.

Regards.
