cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
584
Views
2
Helpful
4
Replies

How to authorize in cisco AnyConnect

Our remote workers utilize RAVPN  by installing AnyConnect software on their work machines. To distinguish users based on their groups, I employ Group Policy. While the authentication process is functioning correctly, an issue arises where any authorized user can access VPN profiles belonging to other groups. We have configured AD on the authentication server.

How can I configure the AD and FMC to ensure that users are authenticated solely based on their respective groups, thereby isolating them from accessing VPN profiles outside of their designated groups?

1 Accepted Solution

Accepted Solutions

tvotna
Spotlight
Spotlight

You can assign group-policy with LDAP attribute maps when users are authenticated to AD via LDAP. For this you can use memberOf LDAP attribute or some other attribute in LDAP schema:

https://www.cisco.com/c/en/us/support/docs/network-management/remote-access/216313-configure-ra-vpn-using-ldap-authenticati.html

memberOf attribute is ok if a user belongs to a single AD group for mapping purposes, otherwise the mapping can lead to unexpected results.

 

View solution in original post

4 Replies 4

tvotna
Spotlight
Spotlight

You can assign group-policy with LDAP attribute maps when users are authenticated to AD via LDAP. For this you can use memberOf LDAP attribute or some other attribute in LDAP schema:

https://www.cisco.com/c/en/us/support/docs/network-management/remote-access/216313-configure-ra-vpn-using-ldap-authenticati.html

memberOf attribute is ok if a user belongs to a single AD group for mapping purposes, otherwise the mapping can lead to unexpected results.

 

Thank you, it was effective for me based on the URL. I work for the LDAP attribute maps on the Authorization, and it worked.

DAP is unnecessary to achieve this goal.