Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
5
Helpful
2
Replies

VPN Connection outside of Domain

james.king14
Level 1
Level 1

‎11-07-2022 09:44 AM

Question, we have a VPN using AnyConnect client.  Yet I have user(s) within our (O) organization but not in our OU that have access.  How is that possible?  I have our VPN using LDAP.  Should only user within my OU be able to access our location if using AD? Used this document to initially configure LDAP.

Labels:
Preview file
333 KB
Preview file
152 KB
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎11-07-2022 09:55 AM - edited ‎11-07-2022 10:21 AM

@james.king14 it depends on your LDAP configuratoin. You can use the ASA LDAP attribute-map to assign a group-policy with "vpn-simultaneous-logins" set to 0 for users that hould not have VPN access. Example: https://integratingit.wordpress.com/2020/04/03/asa-remote-access-vpn-using-ldap/

Or potentially if possible modify the LDAP base DN.

MHM Cisco World
VIP
VIP

‎11-07-2022 10:22 AM

Additional to what Mr @Rob Ingram  mention
I check the config you not config any LADP mapping ?
so all user use default group-policy I think 
you need to assign LDAP mapping 
link below help you 
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html

 

0 Helpful
Customers Also Viewed These Support Documents