Firepower Remote Access VPN limit to AD group

Michael Proctor
Level 1

Is there any good documentation out there to be able to limit users with access to the VPN to a specific group? Currently my system will allow ANY AD user to connect which is less than ideal.

 

Thanks

4 Replies

Hi,
You can use a RADIUS server to authorise only users in a specific AD group.

How are you authenticating the users?
What version of FTD are you running?
Are you using FDM or FMC to manage the FTD?

I am using an AD realm with the user agent for AD. FTD version 6.2.3.13, and I am using FMC.

Here is a decent document on what you are trying to do.

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214283-configure-anyconnect-ldap-mapping-on-fir.html

--
Please remember to select a correct answer and rate helpful posts

Herald Sison
Level 3

Try this one. I just found it out a minute ago and it worked pretty well; you can also try this one.

First create a no-access group policy with 0 simultaneous sessions per user, and create an access group policy.

 

I assigned the NO_ACCESS_GP group policy I made, which prevents users from accessing the VPN, as the default policy of the tunnel group I made (the Employees tunnel group). Then I target the VPN_Users security group from AD in the LDAP attribute map and use RAVPN_GP, so users that match that LDAP attribute map are the ones allowed to access the VPN.

 

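The setup described in the two replies above (deny-by-default group policy, LDAP attribute map keyed on memberOf, permit policy for the AD group), written out as the ASA-style CLI that ends up in the FTD running configuration. This is an added example and not the poster's screenshots or Cisco's document; the names NO_ACCESS_GP, RAVPN_GP, Employees and VPN_Users are taken from the post, while the AAA server name, host address, base DN, bind account, address pool and the group DN are assumptions you must replace with your own values.

```cisco
! Group policies. The default policy denies access by allowing zero
! concurrent sessions; the mapped policy is what VPN_Users members receive.
group-policy NO_ACCESS_GP internal
group-policy NO_ACCESS_GP attributes
 vpn-simultaneous-logins 0
group-policy RAVPN_GP internal
group-policy RAVPN_GP attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client
!
! LDAP attribute map: a memberOf value (the group's full DN) is translated
! into the Cisco Group-Policy attribute. The DN below is an assumption and
! must match the memberOf value stored in AD character for character.
ldap attribute-map AD_GROUP_MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN_Users,OU=Groups,DC=corp,DC=example,DC=com" RAVPN_GP
!
! AAA server (assumed host, base DN and bind account) with the map attached.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 10.0.0.5
 ldap-base-dn DC=corp,DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-ftd-bind,OU=Service Accounts,DC=corp,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map AD_GROUP_MAP
!
! Tunnel group: authenticate against AD, fall back to NO_ACCESS_GP for any
! user whose memberOf does not hit the map.
tunnel-group Employees type remote-access
tunnel-group Employees general-attributes
 address-pool RAVPN_POOL
 authentication-server-group AD_LDAP
 default-group-policy NO_ACCESS_GP
tunnel-group Employees webvpn-attributes
 group-alias Employees enable
```

On an FMC-managed FTD of this vintage the `ldap attribute-map` and the `ldap-attribute-map` line under the AAA server are the parts that need to be pushed with a FlexConfig object (that is what the linked Cisco document covers); the group policies, tunnel group and realm come from the Remote Access VPN policy. After deployment, `show running-config ldap` and `show running-config aaa-server` on the FTD confirm the map is attached, and `debug ldap 255` during a test login shows the memberOf values returned by AD, which is the quickest way to catch a DN that differs from the one in `map-value`. Two caveats worth knowing: memberOf only carries direct membership, so users in a nested group will not match; and a user outside VPN_Users still authenticates successfully against AD before the zero-session policy refuses the connection, so the attempt appears as a valid logon on the domain controller.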
