![]() Connect to Cisco ASA via CLI (SSH) and create LDAP mapping: Create two AD groups in your domain controller and add users to them who would like to have remote VPN access.Ģ. This HOWTO is valid until we get proper implementation via multiple RADIUS profiles: SecurID Access RADIUS Profile mapped to AD Groupġ. ![]() (Class - OU=Employees ) to certain AD groups. The reason for this is currently IDR doesn't support multiple RADIUS profiles and mapping custom RADIUS class attributes e.g. Contractors won't be able to login into Employees tunnel group and vice versa. Employees will have full network access and Contractors will have limited access to internal network. The finished configuration will have two Tunnel Groups one called Employees other Contractors. I will describe how to setup RSA SecurID Access Identity Router (IDR), LDAP, Cisco ASA's Remote Access VPN (An圜onnect) to perform Authentication via IDR's RADIUS server and Authorization via LDAP (Active Directory).
0 Comments
Leave a Reply. |