AmericanBridge
asked on
Cisco Anyconnect - Microsoft AD Authorization
I have a Cisco Anyconnect SSL remote access VPN configured to use an Active Directory authenticated username and login to connect. I want to add another step of authorization, to check the user against AD, and only allow them to connect IF they are in an assigned AD group. Is there a way to authenticate against AD and check to see if they are in the specified group before logging them into the VPN?
Thanks!
Set up a VPN users security group in AD and use that group as the basis for authentication.
ASKER
ok...
Do you have any documentation or instruction on how to accomplish this?
Thanks.
Check this Cisco site; it has configuration steps for all sorts of things, but look up the one that says "Configuring Mutual Group Authentication". It's a hyperlink towards the middle of the page.
http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch1.html
ASKER
Unfortunately that does not help. I am looking for information specific to the Anyconnect SSL configuration for AD/LDAP authentication on the ASA platform.