12-24-2012 03:59 AM
Dear All,
We are trying to manage our Cisco ASA 5520 (8.2.5) SSL clients through Active Directory (LDAP).
Currently the SSL VPN tunnel is up and all users are able to connect, being authenticated by AD, but the group-policy mapping to AD groups is not working: all the domain users are able to go to all the group policies.
I need to give access only to their respective group policy in the ASA. Following are the available groups and GPs:
https://vpn.*.net/IT --- only IT guys (AD group: SSLVPN_IT, ASA GP: SSLVPN_IT)
https://vpn.*.net/EPG-Vendor --- only EPG vendor (AD group: SSLVPN_EPG, ASA GP: SSLVPN_EPG-Vendor)
https://vpn.**.net/USERS --- only users (AD group: SSLVPN_Users, ASA GP: SSLVPN_USERS)
Attached are the configs done for this.
Please help to achieve this.
Thanks
12-26-2012 08:22 AM
Hello,
1/ map-value memberOf-test, what is memberOf-test?
map-name memberOf Group-Policy
2/ in AAA server definition you need to "link" the definition to ldap-attribute-map:
ldap-attribute-map LDAP_AUTH
3/ you can also add:
group-lock value YOUR_TUNNEL
to your
group-policy XXXX attributes
hope it helps.
Regards.
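The three points above (the attribute map, linking it to the AAA server, and group-lock) put together into one ASA 8.2-style configuration skeleton. This is an added illustration, not the thread's attached config or the answerer's own text; the group-policy names come from the question, while vpn.example.net, the DC=example,DC=com distinguished names, the AD_LDAP server name, the host address 192.0.2.10, the service-account DN and the tunnel-group names are placeholders I am assuming. It also adds a fail-closed NOACCESS default policy, which the thread does not mention, so that a user who matches no map-value is rejected instead of landing in a working policy.

```cisco
! Placeholders throughout: vpn.example.net, DC=example,DC=com, 192.0.2.10,
! the service-account DN and the tunnel-group names are assumptions, not from the thread.
!
! 1/ The attribute map: AD's memberOf value is translated to an ASA group-policy.
!    The DN on the left must match the memberOf string AD returns exactly
!    (case and spacing included); quote it because the DN contains spaces.
ldap attribute-map LDAP_AUTH
 map-name memberOf Group-Policy
 map-value memberOf "CN=SSLVPN_IT,OU=VPN Groups,DC=example,DC=com" SSLVPN_IT
 map-value memberOf "CN=SSLVPN_EPG,OU=VPN Groups,DC=example,DC=com" SSLVPN_EPG-Vendor
 map-value memberOf "CN=SSLVPN_Users,OU=VPN Groups,DC=example,DC=com" SSLVPN_USERS
!
! 2/ The AAA server host must reference the map; without this line the memberOf
!    value is never consulted and every user gets the tunnel-group's default policy.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-asa-ldap,OU=Service Accounts,DC=example,DC=com
 ldap-login-password CHANGE_ME
 server-type microsoft
 ldap-attribute-map LDAP_AUTH
!
! Fail closed: a user whose memberOf matches no map-value keeps this default
! policy, and zero simultaneous logins means the session is refused.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! 3/ group-lock ties each policy to its own tunnel-group. An IT member who
!    connects at /USERS still receives SSLVPN_IT from LDAP, and the lock then
!    refuses the session because the tunnel-group does not match.
group-policy SSLVPN_IT internal
group-policy SSLVPN_IT attributes
 vpn-tunnel-protocol svc webvpn
 group-lock value SSLVPN_IT
group-policy SSLVPN_EPG-Vendor internal
group-policy SSLVPN_EPG-Vendor attributes
 vpn-tunnel-protocol svc webvpn
 group-lock value SSLVPN_EPG-Vendor
group-policy SSLVPN_USERS internal
group-policy SSLVPN_USERS attributes
 vpn-tunnel-protocol svc webvpn
 group-lock value SSLVPN_USERS
!
! One tunnel-group per URL, each authenticating against AD_LDAP and defaulting
! to NOACCESS, so only a successful memberOf match yields a usable policy.
tunnel-group SSLVPN_IT type remote-access
tunnel-group SSLVPN_IT general-attributes
 authentication-server-group AD_LDAP
 default-group-policy NOACCESS
tunnel-group SSLVPN_IT webvpn-attributes
 group-url https://vpn.example.net/IT enable
tunnel-group SSLVPN_EPG-Vendor type remote-access
tunnel-group SSLVPN_EPG-Vendor general-attributes
 authentication-server-group AD_LDAP
 default-group-policy NOACCESS
tunnel-group SSLVPN_EPG-Vendor webvpn-attributes
 group-url https://vpn.example.net/EPG-Vendor enable
tunnel-group SSLVPN_USERS type remote-access
tunnel-group SSLVPN_USERS general-attributes
 authentication-server-group AD_LDAP
 default-group-policy NOACCESS
tunnel-group SSLVPN_USERS webvpn-attributes
 group-url https://vpn.example.net/USERS enable
```

To check the mapping before users do, `test aaa-server authentication AD_LDAP username <user> password <pw>` with `debug ldap 255` running prints the memberOf values AD returned and the group-policy the map selected; `show vpn-sessiondb svc` then confirms which policy a live session received. Two caveats worth knowing: memberOf reflects direct group membership only, so nested AD groups are not matched, and when a user belongs to more than one mapped group the first memberOf value returned decides, so keep each account in exactly one SSLVPN_* group.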
12-25-2012 04:11 AM
Could someone shed some light on this?
01-03-2013 11:35 AM
Sorry for being late to reply.
Thanks for the input.
Besides the options you gave, I had to reconfigure the LDAP map value with the correct group-policy.