We did the exact same thing with our 5505. Actually our VAR did it so I can't tell you exactly what to do, I'm anything but a Cisco guru. According to their notes they did it strictly with LDAP. I created 3 user groups and depending on which group you are a member of you get a different profile on the ASA with different links apps etc. If you tell me where to look in the ASA config I could send you some screen shots of our config. We are strictly 2003 domain here but I don't think that should make a difference. Niles
________________________________ From: Michael Adamson [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2008 7:23 AM To: NT System Admin Issues Subject: Cisco ASA with Multiple AD Groups I've been trying to figure this out for quite a while without any luck. We are using a Cisco ASA 5510 8.3 with a mix 2000/2003 domain and are wanting to have multiple SSL dependant on Active Directory group membership. We want to setup multiple SSL profiles Admin, Staff, Consult etc with each group authenticated back to a corresponding Active Directory group and also restricting users to only their assigned profile. I have been unable to have more than one group authenticate either via Radius(MS IAS) or LDAP and have been unable to split the groups up. At present my only options is to setup multiple Radius servers corresponding to different profiles on the ASA. Can anyone give me pointers on what I might be doing wrong? Thanks Michael Health World Ltd ABN: 73 010 636 165 741 Nudgee Rd Northgate QLD 4013 Ph: +61 7 3117 3300 Fax: +61 7 3117 3399 Visit us at: www.metagenics.com.au Disclaimer: This email message (and attachments) may contain information that is confidential to Health World Limited. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Health World Limited are neither given nor endorsed by it. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
