Chapter 65
Configuring Dynamic Access Policies
You can query an Active Directory server for available AD groups in this pane. This feature applies only
to Active Directory servers using LDAP. Use the group information to specify dynamic access policy
AAA selection criteria.
You can change the level in the Active Directory hierarchy where the search begins by changing the
Group Base DN in the Edit AAA Server pane. In the same pane, you can also change how long the adaptive
security appliance waits for a response from the server. To configure these features, choose
Configuration > Remote Access VPN > AAA/Local Users > AAA Server Groups > Edit AAA Server.
Note
If the Active Directory server has a large number of groups, the list of AD groups retrieved may be
truncated based on limitations of the amount of data the server can fit into a response packet. To avoid
this problem, use the filter feature to reduce the number of groups reported by the server.
Fields
AD Server Group—The name of the AAA server group from which to retrieve AD groups.
Filter By—Specify a group or the partial name of a group to reduce the groups displayed.
Group Name—A list of AD groups retrieved from the server.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode              Security Context
Routed    Transparent      Single    Multiple
                                     Context    System
•         •                •         —          —

Add/Edit Endpoint Attributes
Figure 65-6 shows the Add Endpoint Attributes dialog box.
OL-20339-01
Cisco ASA 5500 Series Configuration Guide using ASDM
Understanding VPN Access Policies