AmericanBridge

Cisco Anyconnect - Microsoft AD Authorization

I have a Cisco Anyconnect SSL remote access VPN configured to use an Active Directory authenticated username and login to connect. I want to add another step of authorization, to check the user against AD, and only allow them to connect IF they are in an assigned AD group. Is there a way to authenticate against AD and check to see if they are in the specified group before logging them into the VPN?

Thanks!
MHMAdmins

Set up a VPN users security group in AD and use that group as the basis for authentication.
AmericanBridge

ASKER

ok...

Do you have any documentation or instruction on how to accomplish this?

Thanks.

Check this Cisco site. It has configuration steps for all sorts of things, but look up the one that says "Configuring Mutual Group Authentication"; it's a hyperlink towards the middle of the page.

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch1.html

Unfortunately that does not help. I am looking for information specific to the Anyconnect SSL configuration for AD/LDAP authentication on the ASA platform.

ASKER CERTIFIED SOLUTION
rauenpc
