Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1247
Views
0
Helpful
3
Replies

Clientless SSL VPN - ASA5515-x

Go to solution
andy_4578
Level 1
Level 1

‎09-08-2016 01:30 AM - edited ‎02-21-2020 08:58 PM

Is it possible to provide resources based on the user logon and LDAP security groups with the ASA clientless VPN?

Our customer currently has a Junos Pulse 2600 which allow users to connect remotely and gain access to resources based on the AD group membership.  This device is going "EOL" and we were hoping to create a similar solution with the ASA.

The only way I've got it working so far is to create lots of different SSL connection profiles (by department) and the user selects there department from the logon screen, department or connection profile has a different AAA profile linked.

The problem with this is the customer doesn't want users trying to log on to other department portals so we don't want them have to select from a drop down list and instead just log straight in.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎09-08-2016 12:03 PM

Hi andy_4578,

You can use ldap mapping with clientless without any problem, this is going to limit the client connections depending of the AD group, take a look to this guide:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98634-asa-ldap-group-pol.html

Hope this info helps!!

Rate if helps you!! 

-JP-

View solution in original post

0 Helpful
3 Replies 3

Go to solution
JP Miranda Z
Cisco Employee
Cisco Employee

‎09-08-2016 12:03 PM

Hi andy_4578,

You can use ldap mapping with clientless without any problem, this is going to limit the client connections depending of the AD group, take a look to this guide:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98634-asa-ldap-group-pol.html

Hope this info helps!!

Rate if helps you!! 

-JP-

0 Helpful

Go to solution
andy_4578
Level 1
Level 1
In response to JP Miranda Z

‎09-22-2016 12:40 AM

Thanks for your reply, unfortunately we've tried that and its not quite what we were after.  Our customers current Juniper SSL vpn provides portal resources such as web link's or file/drive access based on LDAP security groups, as an example if your a member of the HR security group then you only see the HR drive mapping and web links when you log in to the SSL vpn.

It appears the ASA portal is fixed configuration per ssl policy and shows all of the resources regardless of who logs on so someone in "admin" can see the payroll drives etc

Unless I've configured it wrong which is highly likely.

0 Helpful

Go to solution
CRunyan
Level 1
Level 1
In response to andy_4578

‎09-14-2017 08:51 AM

Andy,

 

Did you ever find a resolution for this?

I am in the same situation Juniper/Junos > CISCO Clientless SSL VPN

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents