
Cisco Anyconnect VPN

Wireless
Level 1

Hi Cisco community! I just want to ask regarding the VPN group policy in Cisco ASA. What will happen if a VPN user is a member of two group policies and we only have 1 tunnel group? The configured group policy on our tunnel group is "NO-ACCESS" so we can restrict who will access the tunnel group.

User 1 is a member of FINANCE-AD and IT-AD in Active Directory, and both of these were configured in the LDAP attribute map.

1 Reply

@Wireless  

"If a user is a memberOf of several AD groups (which is common) and the ldap-attribute-map matches more than one of them, the mapped value will be chosen based on the alphabetization of the matched entries."

 

Check out this link for more information on the LDAP attribute maps:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html#anc9
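
An added example, not part of the original thread: a small audit that reads the `map-value memberOf` lines of an ASA LDAP attribute map and flags users whose AD group membership matches more than one mapped group policy, which is the case where the alphabetization rule quoted above decides the outcome. The group DNs, the policy names `FINANCE-GP` and `IT-GP`, and the user list are constructed for illustration; the script does not predict which policy the ASA selects.

```python
import shlex

# Constructed sample data (assumptions, not taken from the thread).
SAMPLE_CONFIG = '''
ldap attribute-map AD-MAP
  map-name memberOf Group-Policy
  map-value memberOf "CN=FINANCE-AD,OU=Groups,DC=example,DC=com" FINANCE-GP
  map-value memberOf "CN=IT-AD,OU=Groups,DC=example,DC=com" IT-GP
'''
SAMPLE_USERS = {
    "user1": ["CN=FINANCE-AD,OU=Groups,DC=example,DC=com",
              "CN=IT-AD,OU=Groups,DC=example,DC=com"],
    "user2": ["CN=IT-AD,OU=Groups,DC=example,DC=com"],
    "user3": ["CN=HR-AD,OU=Groups,DC=example,DC=com"],
}

def parse_memberof_map(config):
    """Return {AD group DN: group policy} from 'map-value memberOf' lines."""
    mapping = {}
    for line in config.splitlines():
        tokens = shlex.split(line)  # keeps a quoted DN as one token
        if len(tokens) == 4 and tokens[:2] == ["map-value", "memberOf"]:
            mapping[tokens[2]] = tokens[3]
    return mapping

def audit_users(mapping, users, default_policy="NO-ACCESS"):
    """Classify each user by how many distinct mapped policies they match."""
    report = {}
    for name, member_of in users.items():
        # DNs are compared as exact strings in this sketch.
        policies = sorted({mapping[dn] for dn in member_of if dn in mapping})
        if not policies:
            # No match: the tunnel group's default group policy applies.
            report[name] = ("default", [default_policy])
        elif len(policies) == 1:
            report[name] = ("single", policies)
        else:
            # More than one match: the resulting policy depends on ordering.
            report[name] = ("ambiguous", policies)
    return report

if __name__ == "__main__":
    results = audit_users(parse_memberof_map(SAMPLE_CONFIG), SAMPLE_USERS)
    for user, (status, policies) in results.items():
        print(f"{user}: {status} -> {', '.join(policies)}")
```

Users reported as `ambiguous` are the ones to review, either by giving them a dedicated AD group for VPN access or by confirming that the policy they actually receive is the intended one.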