12-14-2012 08:10 AM
Is it possible to deny VPN access to specific AD accounts?
Currently setup with 5520, LDAP authentication for VPN users.
12-14-2012 08:22 AM
You can use the Dial-in setting in the user account properties, and you need to map this user attribute in the ASA. The configuration will look like this:
ldap attribute-map CISCOMAP
 map-name msNPAllowDialin cVPN3000-IETF-Radius-Class
 map-value msNPAllowDialin FALSE NOACCESS
 map-value msNPAllowDialin TRUE ALLOWACCESS
aaa-server LDAPGROUP protocol ldap
aaa-server LDAPGROUP host 172.18.254.49
 server-type microsoft
 ldap-attribute-map CISCOMAP
If you select Allow access in the user's AD attributes, then the user can connect to the VPN; otherwise not.
With Regards,
Safwan
Don't forget to rate helpful posts
12-14-2012 08:28 AM
Thanks for the reply.
What if the authentication is Kerberos?
12-14-2012 08:52 AM
No, it's not possible with Kerberos authentication, but you can do it like this: Kerberos for authentication and LDAP for authorization.
With Regards,
Safwan
Don't forget to rate helpful posts
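The split described in the last reply (Kerberos for authentication, LDAP for authorization), combined with the attribute map from the earlier answer, as an added example that is not part of the original thread. The group-policy bodies, the KERBGROUP server group and every value in angle brackets are assumptions or placeholders; CISCOMAP, LDAPGROUP, NOACCESS, ALLOWACCESS and 172.18.254.49 come from the thread.

```cisco
! Added example, not from the original posts.
! Group policies that the map-value lines refer to by name.
! vpn-simultaneous-logins 0 is what actually refuses the session.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
group-policy ALLOWACCESS internal
group-policy ALLOWACCESS attributes
 vpn-simultaneous-logins 3

! Attribute map from the thread: AD Dial-in setting -> group policy name.
ldap attribute-map CISCOMAP
 map-name msNPAllowDialin cVPN3000-IETF-Radius-Class
 map-value msNPAllowDialin FALSE NOACCESS
 map-value msNPAllowDialin TRUE ALLOWACCESS

! LDAP server group, used here for authorization only.
! Bind account and base DN are placeholders.
aaa-server LDAPGROUP protocol ldap
aaa-server LDAPGROUP host 172.18.254.49
 server-type microsoft
 ldap-base-dn <BASE-DN>
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn <BIND-DN>
 ldap-login-password <BIND-PASSWORD>
 ldap-attribute-map CISCOMAP

! Kerberos server group for authentication (name, KDC and realm assumed).
aaa-server KERBGROUP protocol kerberos
aaa-server KERBGROUP host <KDC-ADDRESS>
 kerberos-realm <REALM>

! Authenticate against Kerberos, then look the user up in LDAP.
! Accounts with no msNPAllowDialin value return nothing to map, so the
! default group policy decides; pointing it at NOACCESS keeps them out.
tunnel-group <TUNNEL-GROUP> general-attributes
 authentication-server-group KERBGROUP
 authorization-server-group LDAPGROUP
 default-group-policy NOACCESS
```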