[c-nsp] Quick (?) ASA VPN w/AD question...
Jeff Kell
jeff-kell at utc.edu
Mon Jan 30 16:41:00 EST 2012
Trying to break some new ground on ASA 8.4(2) VPN configuration (quite a number of
changes....)
Need to map AD group membership onto a group policy selection.
(1) Previous examples are using the Cisco name "IETF-Radius-Class" to map into the
policy name, while 8.4(2) seems to want "Group Policy" saying that replaces
IETF-Radius-Class.
(2) You can now specify a "Group Base DN" for the group membership location, so I have a
"OU=Groups,DC=our,DC=domain,DC=specification".
I don't seem to be getting hits on the group membership (memberOf) on any of:
a) plain old group name (FOOBAR),
b) qualified item name (CN=FOOBAR),
c) fully-qualified group name (CM=FOOBAR,OU=Groups,DC=our,DC=domain,DC=specification)
Anyone crossed this bridge and kept notes they could share?
Jeff