Educause Security Discussion mailing list archives
Re: How to Protect Campus Sensitive Servers - Solution
From: schilling <schilling2006 () GMAIL COM>
Date: Fri, 5 Feb 2010 09:49:04 -0500
Hi All,

There was once a white paper called "Cisco ASA LDAP Integration Use Cases" on 6200networks.com (now available as another site, either hijacked or registered by somebody else) run by Cisco employee Joe Harris. There are use cases about group mapping. I still had a hard copy of the white paper, but could not find an e-copy. If someone has it, please share with the group.

Shiling Ding
Information Technology Services
Florida State University

On Fri, Feb 5, 2010 at 9:19 AM, Di Fabio, Andrea <adifabio () nsu edu> wrote:
I received a lot of requests to share our Dynamic Split tunnel configuration, so I am just going to post it to the group. I remember doing this 3 or 4 years ago, and looking back at the ASA configuration, there is nothing special in the actual ASA configuration, besides multiple VPN Group Policies.

So let's say you create 2 group policies:

    VPN_Faculty
    VPN_Staff

As you know, each one can have its own DHCP pool, split tunnel (called network list), ACL, etc. What you want to do is to create Radius mappings for users. We did this based on AD groups, and assigned the following Radius Attribute for each Radius Policy:

For users matching faculty groups in AD/Radius:
    Attribute Name: Class
    Attribute Number: 25
    Attribute Format: OctetString
    Value: OU=VPN_Faculty;

For users matching Staff groups in AD/Radius:
    Attribute Name: Class
    Attribute Number: 25
    Attribute Format: OctetString
    Value: OU=VPN_Staff;

Etc.

Note that the value must match the VPN group policy and the string is case sensitive, and it REQUIRES the SEMICOLON at the end or it won't work.

I did a quick Google search and I found the following document:
http://crazyvlan.blogspot.com/2008/02/vpn-and-radius-with-cisco-asa-and.html
which seems to explain it better than what I may have done.

I hope this helps.

Andrea Di Fabio
Information Security Officer
High Performance Computing Technology Coordinator
Norfolk State University
Office of Information Technology
Marie V. McDemmond Center for Applied Research, Rm 401F
555 Park Avenue, Suite 401
Norfolk, Virginia 23504
757-823-2896 Office
757-823-2128 Fax
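The message above says the Class value must spell the ASA group policy exactly, case included, and must end in a semicolon, or the mapping silently fails. The following added example (not code from the thread, the ASA, or any RADIUS server) checks a set of RADIUS policy values against the group policies the ASA knows about before they go into production, and also shows how the value sits inside a raw RADIUS Class attribute (type 25, length, value, per RFC 2865). The policy names VPN_Faculty and VPN_Staff are taken from the message; the sample mappings and every function name are constructed for the example.

```python
import re

# Assumption (from the thread): the group policies configured on the ASA.
ASA_GROUP_POLICIES = {"VPN_Faculty", "VPN_Staff"}

# RADIUS attribute type number for Class (RFC 2865), as given in the thread.
CLASS_ATTR_TYPE = 25

# Exact shape the thread describes: "OU=<group-policy>;" with the trailing semicolon.
CLASS_RE = re.compile(r"^OU=([^;]+);$")


def parse_class_value(value):
    """Return the group-policy name carried in a Class value, or None if malformed."""
    m = CLASS_RE.match(value)
    return m.group(1) if m else None


def check_class_value(value, policies=ASA_GROUP_POLICIES):
    """Check one Class value against the ASA group policies.

    Returns (ok, reason); ok is True only when the value will select an existing policy.
    """
    name = parse_class_value(value)
    if name is None:
        if value.startswith("OU=") and not value.endswith(";"):
            return False, "missing trailing semicolon"
        return False, "value is not of the form OU=<group-policy>;"
    if name in policies:
        return True, "maps to group policy %s" % name
    # The ASA compares case-sensitively; flag a value that differs only in case.
    for p in policies:
        if p.lower() == name.lower():
            return False, "case mismatch: got %r, ASA policy is %r" % (name, p)
    return False, "no ASA group policy named %r" % name


def build_class_value(policy, policies=ASA_GROUP_POLICIES):
    """Build the Class value a RADIUS policy should return for an existing group policy."""
    if policy not in policies:
        raise ValueError("unknown ASA group policy: %r" % policy)
    return "OU=%s;" % policy


def encode_class_avp(policy):
    """Encode the Class value as a raw RADIUS attribute: type, length, value (RFC 2865).

    The length octet covers the type and length octets plus the value.
    """
    value = build_class_value(policy).encode("ascii")
    if len(value) + 2 > 255:
        raise ValueError("Class value too long for a single RADIUS attribute")
    return bytes([CLASS_ATTR_TYPE, len(value) + 2]) + value


def decode_class_avp(avp):
    """Decode a raw Class attribute back to its string value; raises on a malformed AVP."""
    if len(avp) < 3 or avp[0] != CLASS_ATTR_TYPE or avp[1] != len(avp):
        raise ValueError("not a well-formed Class attribute")
    return avp[2:].decode("ascii")


def audit_mappings(mappings, policies=ASA_GROUP_POLICIES):
    """Audit a dict of RADIUS policy name -> Class value; returns {policy: (ok, reason)}."""
    return {rp: check_class_value(val, policies) for rp, val in mappings.items()}


# Constructed sample mappings, as an administrator might have typed them into the RADIUS policies.
SAMPLE_MAPPINGS = {
    "Faculty VPN policy": "OU=VPN_Faculty;",
    "Staff VPN policy": "OU=VPN_Staff",             # semicolon forgotten
    "Adjunct VPN policy": "OU=vpn_faculty;",         # wrong case
    "Contractor VPN policy": "OU=VPN_Contractor;",   # policy does not exist on the ASA
}

if __name__ == "__main__":
    for rp, (ok, reason) in audit_mappings(SAMPLE_MAPPINGS).items():
        print("%-4s %-24s %s" % ("OK" if ok else "BAD", rp, reason))
    print("raw Class AVP for VPN_Staff:", encode_class_avp("VPN_Staff").hex())
```

Run it as a script to see which of the four constructed mappings would actually land a user in the intended group policy; only the first does. Keeping ASA_GROUP_POLICIES in sync with the real `group-policy` names on the firewall is the point of the check, since a value that fails to match does not produce an error on the RADIUS side.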