<div>
Setup a VPN users security group in AD and use that group as the basis for authentication.
</div>


Setup a VPN users security group in AD and use that group as the basis for authentication.

<div>
ok... <br />
<br />
Do you have any documentation or instruction on how to accomplish this?<br />
<br />
Thanks.
</div>


ok...

Do you have any documentation or instruction on how to accomplish this?

Thanks.

<div>
Check this Cisco site it has configuration steps for all sorts of things but look up the one that says: Configuring Mutual Group Authentication it's a hyperlink towards the middle of the page.<br />
<br />
<a href="http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch1.html" rel="ugc">http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch1.html</a>
</div>


Check this Cisco site it has configuration steps for all sorts of things but look up the one that says: Configuring Mutual Group Authentication it's a hyperlink towards the middle of the page.

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch1.html [http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch1.html]

<div>
Unfortunately that does not help. I am looking for information specific to the Anyconnect SSL configuration for AD/LDAP authentication on the ASA platform.
</div>


Unfortunately that does not help. I am looking for information specific to the Anyconnect SSL configuration for AD/LDAP authentication on the ASA platform.

<div>
<div class="content wysiwyg-content">
I have a Cisco Anyconnect SSL remote access VPN configured to use an Active Directory authenticated username and login to connect. I want to add another step of authorization, to check the user against AD, and only allow them to connect IF they are in an assigned AD group. Is there a way to authenticate against AD and check to see if they are in the specified group before logging them into the VPN?<br />
<br />
Thanks!
</div>
</div>


I have a Cisco Anyconnect SSL remote access VPN configured to use an Active Directory authenticated username and login to connect. I want to add another step of authorization, to check the user against AD, and only allow them to connect IF they are in an assigned AD group. Is there a way to authenticate against AD and check to see if they are in the specified group before logging them into the VPN?

Thanks!

Cisco Anyconnect - Microsoft AD Authorization

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.