Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Cisco Anyconnect + ASA + 2 Factor Authentication + Authorization + AD/LDAP

Posted on 2012-08-13
Medium Priority
Last Modified: 2012-08-17
Hi Experts

Have recently deployed a Cisco Anyconnect VPN Solution with 2 Factor Authentication and Posture assessment of Client Machines.

I would need to add some authorization to the solution such that I have the following connections profiles setup;

Group A - Default - all users have access (except Group B users)

Group B - Only member of LDAP group "Security" has access

Please could you provide any documentation that might help with this?

Or any useful information

Question by:Nayyar HH (CCIE RS)
LVL 65

Accepted Solution

btan earned 1500 total points
ID: 38290461
Wondering if you saw this. It looks to me in the "Group Policy" to be specified in the connection profile for the VPN client. Also check out where there is option to state the users have to be in certain authriosation DB be to connect ....


More info on group policy in

Two-Factor Authentication and Authorization Mode
LVL 15

Author Closing Comment

by:Nayyar HH (CCIE RS)
ID: 38306337
Thanks breadtan docs were helpful

Eventually Implemented on the ACS 5.x with Service Selection Rules -

Used Radius attr id 25 on ACS to return group policy to be applied to user (based on his AD group membership)

Didn't need to configure Authorization on ASA as RADIUS was used

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question