asa 5505 vpn and DAP policies




    We have an ASA 5505 and it’s configured to use a FreeRADIUS server that authenticates using OpenLDAP. I’m trying to configure Dynamic Access Policies to restrict access based upon what group a user belongs to. In LDAP I have an attribute called vpnaccess with values “systems” and “common”. Also, I’ve created an LDAP Attribute Map mapping the vpnaccess to ‘Cisco IETF-Radius-Class’, and mapped the two attribute values to Cisco Attribute Values. I think this is where I get hung up. I created a DAP policy with an AAA Attribute: Radius.25 = vpnAccess. When I connect, it doesn’t select my DAP policy but falls through and selects the DfltAccessPolicy, which I have configured to terminate the connection.

    Any ideas where I’ve gone wrong?

    Thanks in advance.

    Clients: SSL/AnyConnect
    ASDM: 6.2
    ASA: 8.2(1)
