
Cisco Anyconnect VPN

Wireless
Beginner

Hi Cisco community! I just want to ask regarding the VPN group policy in Cisco ASA. What will happen if a VPN user is a member of two group policies and we only have 1 tunnel group? The configured group policy on our tunnel group is "NO-ACCESS" so we can restrict who will access the tunnel group.

 

User 1 is a member of FINANCE-AD and IT-AD in Active Directory, and both of these were configured in the LDAP attribute map.

 

 

 

1 REPLY

Rob Ingram
VIP Expert

@Wireless  

"If a user is a memberOf of several AD groups (which is common) and the ldap-attribute-map matches more than one of them, the mapped value will be chosen based on the alphabetization of the matched entries."

 

Check out this link for more information on the LDAP attribute maps:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html#anc9
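
An audit for the situation discussed in this thread, as an added example that is not part of the original posts or of Cisco's documentation: it parses the `map-value memberOf` lines of an ASA LDAP attribute map and flags users whose AD groups match more than one entry. The map name, group DNs, the `*-GP` policy names and the user list are constructed assumptions; DNs are compared as exact strings, and the script only reports the ambiguity, it does not predict which policy the ASA selects.

```python
import shlex

# Constructed sample: ASA LDAP attribute map for the scenario in the question.
# The map name, DNs and *-GP policy names are assumptions, not from the thread.
ASA_CONFIG = '''
ldap attribute-map VPN-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=FINANCE-AD,OU=Groups,DC=example,DC=com" FINANCE-GP
 map-value memberOf "CN=IT-AD,OU=Groups,DC=example,DC=com" IT-GP
'''

# Constructed sample of AD users and their memberOf values.
USERS = {
    "user1": ["CN=FINANCE-AD,OU=Groups,DC=example,DC=com",
              "CN=IT-AD,OU=Groups,DC=example,DC=com"],
    "user2": ["CN=IT-AD,OU=Groups,DC=example,DC=com"],
    "user3": ["CN=HR-AD,OU=Groups,DC=example,DC=com"],
}

def parse_map_values(config, attribute="memberOf"):
    """Return {group DN: group policy} from 'map-value <attr> <DN> <policy>' lines."""
    mapping = {}
    for line in config.splitlines():
        tokens = shlex.split(line)  # handles quoted DNs that contain spaces
        if len(tokens) == 4 and tokens[0] == "map-value" and tokens[1] == attribute:
            mapping[tokens[2]] = tokens[3]
    return mapping

def audit(users, mapping, default_policy="NO-ACCESS"):
    """Classify each user: one mapped policy, several (ambiguous), or none."""
    report = {}
    for user, groups in users.items():
        # Exact string comparison of DNs (assumption stated in the lead-in).
        policies = sorted({mapping[g] for g in groups if g in mapping})
        if len(policies) > 1:
            report[user] = ("AMBIGUOUS", policies)
        elif policies:
            report[user] = ("OK", policies)
        else:
            # No map-value matched: the tunnel group's default policy applies.
            report[user] = ("DEFAULT", [default_policy])
    return report

if __name__ == "__main__":
    for user, (status, policies) in audit(USERS, parse_map_values(ASA_CONFIG)).items():
        print(f"{user}: {status} -> {', '.join(policies)}")
```

Users reported as AMBIGUOUS are the ones to resolve, for example by giving them a single dedicated AD group for VPN access so only one map-value can match.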

 
