11-07-2022 09:44 AM
Question: we have a VPN using the AnyConnect client. Yet I have user(s) within our (O) organization but not in our OU that have access. How is that possible? I have our VPN using LDAP. Should only users within my OU be able to access our location if using AD? I used this document to initially configure LDAP.
11-07-2022 09:55 AM - edited 11-07-2022 10:21 AM
@james.king14 it depends on your LDAP configuration. You can use the ASA LDAP attribute-map to assign a group-policy with "vpn-simultaneous-logins" set to 0 for users that should not have VPN access. Example: https://integratingit.wordpress.com/2020/04/03/asa-remote-access-vpn-using-ldap/
Or, potentially, if possible, modify the LDAP base DN.
11-07-2022 10:22 AM
In addition to what @Rob Ingram mentioned:
I checked the config; you have not configured any LDAP mapping?
So all users use the default group-policy, I think.
You need to assign an LDAP mapping.
The link below will help you:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html
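As an added worked example of the approach both replies above describe (an LDAP attribute-map that places AD group members in a permitting group-policy, while the tunnel-group's default group-policy denies logins with vpn-simultaneous-logins 0), here is an ASA configuration fragment. It is not from the original thread or the linked documents; the server address 192.0.2.10, the interface name, the domain example.com, the group name VPN-Users, the bind account and all object names are assumptions and must be replaced with your own values.

```cisco
! Added example, not part of the original posts. All names, DNs and
! addresses below are assumed placeholders.

! 1. Map the AD "memberOf" attribute to the ASA "Group-Policy" attribute.
!    The map-value DN must match the group's distinguishedName exactly
!    (memberOf only lists direct group membership, not nested groups).
ldap attribute-map LDAP-MAP
 map-name  memberOf Group-Policy
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=com" GP-VPN-ALLOW

! 2. LDAP server definition. The base DN stays at the domain root so any
!    user in the forest can be found; the attribute-map, not the base DN,
!    decides who may connect. (Narrowing ldap-base-dn to one OU is the
!    alternative Rob mentions: users outside that OU are simply not found.)
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-account-password>
 server-type microsoft
 ldap-attribute-map LDAP-MAP

! 3. Deny-by-default policy: every authenticated user lands here unless
!    the attribute-map overrides it, and 0 simultaneous logins means the
!    session is rejected even though the password was correct.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0

! 4. Permitting policy assigned only to members of VPN-Users.
group-policy GP-VPN-ALLOW internal
group-policy GP-VPN-ALLOW attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client

! 5. Tunnel-group used by the AnyConnect profile.
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy GP-NOACCESS
```

To verify the mapping before rolling it out, run `test aaa-server authentication LDAP-SRV host 192.0.2.10 username <user> password <pw>` with `debug ldap 255` enabled: the debug output shows the memberOf values returned by AD and which group-policy the map selected. A user outside VPN-Users should authenticate successfully but be assigned GP-NOACCESS, and `show vpn-sessiondb anyconnect` should then show no session for that account. Also note that if the AD group is listed under a different DN (for example after a move between OUs), the string comparison fails silently and the user falls back to the default policy, which is why the default should be the denying one.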