Trying to break some new ground on ASA 8.4(2) VPN configuration (quite a number of changes....)
Need to map AD group membership onto a group policy selection.

(1) Previous examples are using the Cisco name "IETF-Radius-Class" to map into the policy name, while 8.4(2) seems to want "Group Policy" saying that replaces IETF-Radius-Class.

(2) You can now specify a "Group Base DN" for the group membership location, so I have an "OU=Groups,DC=our,DC=domain,DC=specification".

I don't seem to be getting hits on the group membership (memberOf) on any of:

a) plain old group name (FOOBAR),
b) qualified item name (CN=FOOBAR),
c) fully-qualified group name (CM=FOOBAR,OU=Groups,DC=our,DC=domain,DC=specification)

Anyone crossed this bridge and kept notes they could share?

Jeff
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/