12-24-2012 03:59 AM
Dear All,
We are trying to manage our Cisco ASA 5520 (8.2.5) SSL clients through Active Directory (LDAP).
Currently the SSL VPN tunnel is up and all users are able to connect, being authenticated by AD, but group-policy to AD group mapping is not working: all the domain users are able to go to all the group policies.
I need to give access only to their respective group policy in the ASA. Following are the available groups and GPs:
https://vpn.*.net/IT --- only IT guys (AD group: SSLVPN_IT, ASA GP: SSLVPN_IT)
https://vpn.*.net/EPG-Vendor --- only EPG vendor (AD group: SSLVPN_EPG, ASA GP: SSLVPN_EPG-Vendor)
https://vpn.**.net/USERS --- only users (AD group: SSLVPN_Users, ASA GP: SSLVPN_USERS)
Attached are the configs done for this.
Please help to achieve this.
Thanks
12-26-2012 08:22 AM
Hello,
1/ map-value memberOf-test: what is memberOf-test?
map-name memberOf Group-Policy
2/ In the AAA server definition you need to "link" the definition to the ldap-attribute-map:
ldap-attribute-map LDAP_AUTH
3/ You can also add:
group-lock value YOUR_TUNNEL
to your
group-policy XXXX attributes
Hope it helps.
Regards.
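The three points above put together as a complete ASA 8.2-style configuration. This is an added example, not the poster's attached config or a Cisco document: the LDAP_AUTH map name, the AD group names, the group-policy names and the /IT, /EPG-Vendor and /USERS URLs come from the thread, while the group DNs, server name and address, base DN, bind account, tunnel-group names (TG_IT, TG_EPG, TG_USERS), the NOACCESS policy and vpn.example.net are placeholders to be replaced. It also goes one step beyond the thread by adding a deny-by-default group-policy so an AD user in none of the mapped groups is refused instead of falling into a working policy.

```cisco
! Added example, not the thread's own config. Placeholder DNs, server,
! bind account and tunnel-group names must be replaced with real ones.

! 1) Map the AD "memberOf" attribute onto the ASA "Group-Policy" attribute.
!    The left side of each map-value is the group's full DN, exactly as AD
!    returns it (quoted because of the commas and any spaces).
ldap attribute-map LDAP_AUTH
 map-name memberOf Group-Policy
 map-value memberOf "CN=SSLVPN_IT,OU=VPN-Groups,DC=example,DC=net" SSLVPN_IT
 map-value memberOf "CN=SSLVPN_EPG,OU=VPN-Groups,DC=example,DC=net" SSLVPN_EPG-Vendor
 map-value memberOf "CN=SSLVPN_Users,OU=VPN-Groups,DC=example,DC=net" SSLVPN_USERS

! 2) Attach the map to the LDAP server definition (placeholder values).
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=net
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=net
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map LDAP_AUTH

! 3) Deny-by-default policy used as each tunnel-group's default: a user
!    whose memberOf matches no map-value lands here and cannot log in.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! 4) Lock each mapped group-policy to its own tunnel-group so a member of
!    SSLVPN_IT cannot connect through the /USERS or /EPG-Vendor URL.
group-policy SSLVPN_IT attributes
 group-lock value TG_IT
group-policy SSLVPN_EPG-Vendor attributes
 group-lock value TG_EPG
group-policy SSLVPN_USERS attributes
 group-lock value TG_USERS

! 5) One tunnel-group per URL; it authenticates against AD_LDAP and starts
!    from NOACCESS until the LDAP map overrides the Group-Policy attribute.
tunnel-group TG_IT type remote-access
tunnel-group TG_IT general-attributes
 authentication-server-group AD_LDAP
 default-group-policy NOACCESS
tunnel-group TG_IT webvpn-attributes
 group-url https://vpn.example.net/IT enable
! TG_EPG (/EPG-Vendor) and TG_USERS (/USERS) repeat this last block.
```

Keep the mapped AD groups disjoint: when an account is in more than one mapped group, the ASA applies the first matching value AD returns. `debug ldap 255` during a test login shows the memberOf values received and which Group-Policy they were mapped to.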
12-25-2012 04:11 AM
Could someone shed some light on this?
01-03-2013 11:35 AM
Sorry for being late to reply.
Thanks for the input.
Besides the options you gave, I had to reconfigure the LDAP map value with the correct group-policy.