Avatar of AmericanBridge
AmericanBridge
 asked on

Cisco Anyconnect - Microsoft AD Authorization

I have a Cisco Anyconnect SSL remote access VPN configured to use an Active Directory authenticated username and login to connect. I want to add another step of authorization, to check the user against AD, and only allow them to connect IF they are in an assigned AD group. Is there a way to authenticate against AD and check to see if they are in the specified group before logging them into the VPN?

Thanks!
Hardware FirewallsCiscoVPN

Avatar of undefined
Last Comment
rauenpc

8/22/2022 - Mon
MHMAdmins

Setup a VPN users security group in AD and use that group as the basis for authentication.
AmericanBridge

ASKER
ok...

Do you have any documentation or instruction on how to accomplish this?

Thanks.
MHMAdmins

Check this Cisco site it has configuration steps for all sorts of things but look up the one that says: Configuring Mutual Group Authentication it's a hyperlink towards the middle of the page.

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch1.html
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
AmericanBridge

ASKER
Unfortunately that does not help. I am looking for information specific to the Anyconnect SSL configuration for AD/LDAP authentication on the ASA platform.
ASKER CERTIFIED SOLUTION
rauenpc

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question