Beginner

Configuring AAA on ASA for VPN with Microsoft AD

I have VPN users authenticating against my MS Active Directory for my internal users.

Now I would like to move my vendors from a VPN 3030 Concentrator to the ASA and use MS Active Directory for authentication.

I would like to duplicate the access-list restrictions and filters I have on the VPN 3030 on the ASA.

How do I set up the ASA to get an access list for a user from MS Active Directory and apply it to a VPN session?

AD has a field called msRadiusFramedRoute that looks promising?

Kenneth.

Cisco Employee


Currently you are configuring an LDAP attribute map on the ASA to map the user to a specific group policy.

Have you already configured the AD with the access-list, or are you just about to configure it?

Or do you want to just configure the VPN filter on the ASA group-policy itself, since you already have an attribute map that maps users to a specific group policy?

Beginner


I was hoping, instead of creating 20 different access lists on the ASA, to have the ASA pull the access-list from the AD controller for the set of rules that apply to traffic for a specified vendor.

Here is what I want to accomplish.  

All vendors access 10.1.3.x network DNS servers. 

vendor A access 10.1.20.x network and 10.1.18 network

vendor B access 10.1.18.20 host only and 10.1.15.1/28 network.

vendor C access only host 10.10.10.10

vendor D access only host 10.10.20.25

vendor E access only network 10.100.x.x

etc, etc, etc, etc,

I was hoping to manage it all with AD.

Cisco Employee


Ahh, in that case you can use the LDAP attribute map, mapping the LDAP attribute "info" to the Cisco attribute "Cisco-AV-Pairs".

Here is the ACL syntax for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_extserver.html#wp1763743
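To show what that reply amounts to end to end, here is an added example (not from the thread or from Cisco's documentation) of the ASA side of the attribute map plus the AD "info" value for one of the vendor profiles listed above (vendor B). The server name, DN, service-account name, LDAP server address and tunnel-group name are placeholders; the ACL syntax follows the Cisco-AV-Pair `ip:inacl#N=` form the linked document describes, using ASA netmasks rather than wildcard masks.

```cisco
! --- ASA: hand the AD "info" attribute to the ASA as Cisco-AV-Pair (per-user ACL) ---
! Map name, server name, host address and DNs are placeholders for this example.
ldap attribute-map AD-VPN-MAP
 map-name  info  Cisco-AV-Pair

aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.1.3.50
 ldap-base-dn DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-ldap,OU=Service Accounts,DC=example,DC=local
 ldap-login-password *****
 server-type microsoft
 ldap-attribute-map AD-VPN-MAP

tunnel-group VENDORS type remote-access
tunnel-group VENDORS general-attributes
 authentication-server-group AD-LDAP
 default-group-policy VENDOR-POLICY

! --- AD: value of the "info" attribute (the Notes field on the user's Telephones
!     tab in AD Users and Computers) for a vendor-B account.  One ACE per
!     ip:inacl#N= pair, numbered in evaluation order.  The shared DNS rule must be
!     repeated in every vendor's value: a downloaded per-user ACL replaces the
!     group-policy vpn-filter and ends with an implicit deny, so anything not
!     listed here is dropped.  10.1.15.1/28 is written as its network and mask.
!
!   ip:inacl#1=permit udp any 10.1.3.0 255.255.255.0 eq 53
!   ip:inacl#2=permit tcp any 10.1.3.0 255.255.255.0 eq 53
!   ip:inacl#3=permit ip any host 10.1.18.20
!   ip:inacl#4=permit ip any 10.1.15.0 255.255.255.240

! --- Checks while testing a vendor-B login ---
! Confirms the attribute map fires and shows exactly which AV pairs arrived from AD:
debug ldap 255
! The downloaded ACL appears as a dynamically created access-list for that user:
show access-list
! "Filter Name" in the session detail should reference that dynamic ACL:
show vpn-sessiondb detail remote
```

Two points worth checking before rolling this out to all 20 vendors: first, whether your ASA version accepts every `ip:inacl#N=` line from a multi-line `info` value (the `debug ldap 255` output shows each pair the ASA actually parsed, so compare it against what you typed into AD); second, that the common DNS permit is present in every vendor's value, since a vendor whose ACL omits it will authenticate successfully and then be unable to resolve anything.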