So we've set up our new ASA5510 with LDAP/AD authentication and it's working great. We're using the SSL Any Connect client. The only thing is it seems that every single AD user now has a VPN account which is a little scary. I'm not sure if I need an add-on to my AD for Cisco devices or what but I'm not sure how to make the ASA and my LDAP seemless. I don't want every AD user thinking they can suddenly jump on from home whenever they want. Where do I define security for the VPN within AD?