1424 Views | 0 Helpful | 3 Replies

Clientless SSL VPN - ASA5515-x

andy_4578
Level 1

Is it possible to provide resources based on the user logon and LDAP security groups with the ASA clientless VPN?

Our customer currently has a Junos Pulse 2600 which allows users to connect remotely and gain access to resources based on their AD group membership. This device is going "EOL" and we were hoping to create a similar solution with the ASA.

The only way I've got it working so far is to create lots of different SSL connection profiles (by department); the user selects their department from the logon screen, and each department, or connection profile, has a different AAA profile linked.

The problem with this is that the customer doesn't want users trying to log on to other departments' portals, so we don't want them to have to select from a drop-down list; instead they should just log straight in.

Accepted Solution

JP Miranda Z
Cisco Employee

Hi andy_4578,

You can use LDAP mapping with clientless without any problem; this is going to limit the client connections depending on the AD group. Take a look at this guide:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98634-asa-ldap-group-pol.html

Hope this info helps!!

Rate if it helps you!!

-JP-


3 Replies


Thanks for your reply; unfortunately we've tried that and it's not quite what we were after. Our customer's current Juniper SSL VPN provides portal resources such as web links or file/drive access based on LDAP security groups. As an example, if you're a member of the HR security group then you only see the HR drive mapping and web links when you log in to the SSL VPN.

It appears the ASA portal is a fixed configuration per SSL policy and shows all of the resources regardless of who logs on, so someone in "admin" can see the payroll drives etc.

Unless I've configured it wrong, which is highly likely.

Andy,


Did you ever find a resolution for this?

I am in the same situation: Juniper/Junos > Cisco Clientless SSL VPN.