SSL vpn

Shibu1978
Level 1

Dear All,

We are trying to manage our Cisco ASA 5520 (8.2.5) SSL clients through Active Directory (LDAP).

Currently the SSL VPN tunnel is up and all users are able to connect, being authenticated by AD, but group-policy to AD groups is not working. All the domain users are able to go to all the group policies.

I need to give access only to their respective group policy in ASA. Following are the available groups and GP.

https://vpn.*.net/IT  --- Only IT guys (AD-group- SSLVPN_IT , ASA-GP -SSLVPN_IT)

https://vpn.*.net/EPG-Vendor- only EPG vendor ( AD-group-SSLVPN_EPG , ASA -GP - SSLVPN_EPG-Vendor)

https://vpn.**.net/USERS- only users  (AD-group-SSLVPN_Users, ASA-GP -SSLVPN_USERS)

Attached is the configs done for this.

Please help to achieve this

Thanks

1 Accepted Solution

Hello,

1/ map-value memberOf-test, what is memberOf-test?

map-name memberOf Group-Policy

2/ In the AAA server definition you need to "link" the definition to ldap-attribute-map:

ldap-attribute-map LDAP_AUTH

3/ You can also add:

group-lock value YOUR_TUNNEL

to your

group-policy XXXX attributes

Hope it helps.

Regards.

3 Replies

Shibu1978
Level 1

Could someone shed some light on this?

Sorry for being late to reply.

Thanks for the input.

Besides the options you gave, I had to reconfigure the LDAP map value with the correct group-policy.
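The three points from the accepted answer, plus the map-value correction reported in the last reply, can be checked mechanically against a saved config. This is an added example, not part of the thread or of any Cisco tooling: `audit` is a hypothetical helper, and the sample config is constructed (the DNs, `LDAP_SRV`, `192.0.2.10` and the tunnel-group names are placeholders, not the poster's attachment).

```python
import re
# Constructed sample reproducing the faults discussed in the thread;
# DNs, server name, address and tunnel-group names are placeholders.
SAMPLE = """\
ldap attribute-map LDAP_AUTH
 map-name memberOf Group-Policy
 map-value memberOf-test "CN=SSLVPN_IT,OU=Groups,DC=example,DC=net" SSLVPN_IT
 map-value memberOf "CN=SSLVPN_EPG,OU=Groups,DC=example,DC=net" SSLVPN_EPG
aaa-server LDAP_SRV protocol ldap
aaa-server LDAP_SRV (inside) host 192.0.2.10
group-policy SSLVPN_IT internal
group-policy SSLVPN_IT attributes
 group-lock value IT
group-policy SSLVPN_EPG-Vendor internal
group-policy SSLVPN_EPG-Vendor attributes
"""

def audit(config):
    """Return findings for LDAP-to-group-policy mapping faults in ASA config text."""
    names, values, linked, policies, locked = {}, [], set(), set(), set()
    ctx = [""]
    for raw in config.splitlines():
        tok = re.findall(r'"[^"]*"|\S+', raw)      # keep a quoted DN as one token
        if not tok:
            continue
        if not raw[0].isspace():                   # top-level command opens a submode
            ctx = tok
            if tok[0] == "group-policy" and len(tok) > 1:
                policies.add(tok[1])
        elif ctx[:2] == ["ldap", "attribute-map"] and len(ctx) > 2:
            if tok[0] == "map-name" and len(tok) > 2:     # LDAP attr -> Cisco attr
                names[(ctx[2], tok[1])] = tok[2]
            elif tok[0] == "map-value" and len(tok) > 3:  # attr, AD value, ASA value
                values.append((ctx[2], tok[1], tok[3]))
        elif ctx[0] == "aaa-server" and tok[0] == "ldap-attribute-map" and len(tok) > 1:
            linked.add(tok[1])
        elif ctx[0] == "group-policy" and tok[:2] == ["group-lock", "value"]:
            locked.add(ctx[1])
    out = []
    for amap, attr, target in values:
        if (amap, attr) not in names:
            out.append(f"{amap}: map-value uses '{attr}', which no map-name binds")
        elif names[(amap, attr)] == "Group-Policy" and target not in policies:
            out.append(f"{amap}: '{target}' is not a defined group-policy")
    for amap in sorted({v[0] for v in values} - linked):
        out.append(f"{amap}: not linked under any aaa-server host")
    for gp in sorted(policies - locked):
        out.append(f"{gp}: no group-lock")
    return out
```

Calling `audit(SAMPLE)` reports the unmapped `memberOf-test` attribute, the map-value pointing at a group-policy name that does not exist, the attribute map missing from the aaa-server host, and the policy without a group-lock.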
