Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
661
Views
0
Helpful
1
Replies

WebVPN Groups

Rodrigo Gurriti
Level 3
Level 3

‎02-07-2011 04:28 AM

Hello,

I'd like to know if is possivle to use the LDAP to match a profile for webvpn users.

Right now i have to use the drag-drop on the Login menu, but I'm about to get around 20 to 40 groups. I would like to users login with out selecting a group. Can the ASA locate where the user is located on the LDAP and then assin the user a profile group ?

I searched on the config guides but did not find anything like it.

Thank you

Labels:
Preview file
72 KB
0 Helpful
1 Reply 1

Praveena Shanubhogue
Level 1
Level 1

‎02-07-2011 06:34 AM

Hi Rodrogo,

Basically what governs a tunnel-group is the group-policy associated with it.

If we already have ldap authentciation server setup on the ASA, we can configure:

1. AD to set the group-policy value to be in authorization-packet to the ASa

(Ex: User Properties > Organization > "Department")

2. Configure ASA so that it can read the value sent by the AD and place the user in that particular group-policy.

(configure ldap attribute-map and associate it with ldap server-group)

You have other options like, tunnel-group-lock.

Link:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_extserver.html#wp1661573

Also you may explore DAP:

https://supportforums.cisco.com/docs/DOC-1369

HTH

Regards,


Praveen

0 Helpful
Customers Also Viewed These Support Documents