The LDAP-maps are based on

W S H FERNANDO · ‎08-11-2015

Hi all

I'm new to Security world and need some help to configure below..

I have Anyconnect VPN profiles configured with ASA. I have 5 profiles and authentication is done by LDAP. Every user can see all VPN profiles when they try to login.But I need to hide profiles from authentication window and I need to configure ASA to select a profile automatically based on Authentication is this possible with ASA ?

For example when Contract user trying to connect Anyconnect, after authentication ASA should assign Contract Profile (user should not be able to select)

Please guide how to do this .. Big help

Regds

$

Karsten Iwen · ‎08-11-2015

If you authenticate all users the same way, you only need one connection-profile/tunnel-group. And then you don't need the drop-down-list.

The group-policy is selected based on the AD-groups with an LDAP-Map.

W S H FERNANDO · ‎08-12-2015

Hi Iwen

Thnaks for the reply.

Actually All users are authenticating via LDAP, same way.

But users are in different OUs in AD. So I need to assign Profile automatically based on AD OU..

Regds

$

Karsten Iwen · ‎08-14-2015

The LDAP-maps are based on the DN of the users. If all users in the same OU get the same access, you are fine. If not, you can use extra Windows-groups to control which group-policies get applied to which users.

Hide VPN Profiles with LDAP