{"id":676,"date":"2012-06-01T00:00:00","date_gmt":"2012-06-01T00:00:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2012\/06\/01\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou\/"},"modified":"2021-07-24T18:15:16","modified_gmt":"2021-07-24T18:15:16","slug":"cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html","title":{"rendered":"Cisco ASA &#8211; Group-policy assignment based on OU"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-662f7fbf1af81\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-662f7fbf1af81\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\/#Purpose\" title=\"Purpose\">Purpose<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\/#Summary\" title=\"Summary\">Summary<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\/#Configuration_Example\" title=\"Configuration Example\">Configuration Example<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\/#Radius\" title=\" Radius\"> Radius<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\/#Cisco_ASA\" title=\"Cisco ASA\">Cisco ASA<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\/#Debugging\" title=\"Debugging\">Debugging<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\/#debug_radius_all\" title=\"debug radius all\">debug radius all<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\/#show_vpn-sessiondb_webvpn\" title=\"show vpn-sessiondb webvpn\">show vpn-sessiondb webvpn<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\/#Caveats\" title=\"Caveats\">Caveats<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Purpose\"><\/span><span><strong>Purpose<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span>The purpose of this document is to explain the configuration methods required to assign to a group-policy to a user based on their OU group.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Summary\"><\/span><span><strong>Summary<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span>The Cisco ASA firewall includes the ability to assign a user to a group policy based on their OU group. This is achieved via the use of the <span class=\"content\">IETF RADIUS Attribute 25. <br \/> <span class=\"content\"><span class=\"content\">This attribute contains the users OU and is sent by the Radius server (to the ASA) during the RADIUS Authentication and Authorization process.<\/span><\/span><\/span><\/span><\/p>\n<p><span><span class=\"content\"><span class=\"content\"><span class=\"content\"> <span class=\"content\"><em>Note :<\/em> The <span class=\"content\">IETF RADIUS Attribute 25 is defined within the&nbsp;Network Working Group <a href=\"http:\/\/www.ietf.org\/rfc\/rfc2865.txt\"><span><span style=\"color: #0000ff;\">RFC 2865<\/span>.<\/span><\/a><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Configuration_Example\"><\/span><span><strong><span class=\"content\">Configuration Example<\/span><\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"color: #000000;\" class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"> Within this example we will use this feature to assign different bookmarks to the user based on which OU group they are in.<\/span><br \/> For this example we will use 2 OU groups. They are<strong> Sales <\/strong>and<strong> Finance.<\/strong> <\/span><\/p>\n<p> In order for the correct group-policy to be assigned based on the OU the OU returned by the Radius server much match the name of the corresponding group-policy. The OU returned must also include a (;) semi colon. Below shows an example :<\/span><\/span><\/span><\/span><\/span><\/p>\n<p class=\"codemulti\">4f 55 3d 54 65 73 74 55 73 65 72 3b&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; OU=TestOU;<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Radius\"><\/span><span style=\"color: #000000;\" class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"> <strong>Radius<\/strong><\/span><\/span><\/span><\/span><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p><span style=\"color: #000000;\" class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><strong><\/strong><\/span> Prior to configuring the firewall each user\/group(s) on the Radius server assigned the <span class=\"content\">RADIUS Attribute 25.<\/span><\/span><\/span><\/span><\/p>\n<h4><span class=\"ez-toc-section\" id=\"Cisco_ASA\"><\/span><span style=\"color: #000000;\" class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><strong>Cisco ASA<\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p><span style=\"color: #000000;\" class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><strong><\/strong>In essence the ASA configuration is fairly simple. A group-policy is created for each OU (and named accordingly). Along with a single tunnel-group and a AAA server.<br \/><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p class=\"codemulti\"><span><\/span>aaa-server RADServer protocol radius<br \/>aaa-server RADServer (dmz) host 192.168.1.100<br \/>&nbsp;retry-interval 3<br \/>&nbsp;timeout 25<br \/>&nbsp;key ******<br \/>&nbsp;radius-common-pw ******<\/p>\n<p>group-policy Sales internal<br \/>group-policy Sales attributes<br \/>&nbsp;vpn-tunnel-protocol svc webvpn<br \/>&nbsp;webvpn<br \/>&nbsp; url-list value bookmark1<br \/>&nbsp; customization value DfltCustomization<\/p>\n<p>group-policy Finance internal<br \/>group-policy Finance attributes<br \/>&nbsp;vpn-tunnel-protocol svc webvpn<br \/>&nbsp;webvpn<br \/>&nbsp; url-list value bookmark2<br \/>&nbsp; customization value DfltCustomization<\/p>\n<p>tunnel-group WebVPN type remote-access<br \/>tunnel-group WebVPN general-attributes<br \/>&nbsp;address-pool ippool<br \/>&nbsp;authentication-server-group RADServer<br \/>tunnel-group WebVPN webvpn-attributes<br \/>&nbsp;group-alias WEBVPN-EXAMPLE enable<br \/><span style=\"color: #000000;\" class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\"><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Debugging\"><\/span><strong>Debugging<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When debugging there are 2 main commands on the ASA. These are :<\/p>\n<p><strong>debug radius all<\/strong> &#8211; shows the response and attributes returned by the RADUIS server.<br \/><strong>sh vpn-sessiondb webvpn<\/strong> &#8211; shows the group-policy and tunnel-group assigned to the user.&nbsp;<\/p>\n<h4><span class=\"ez-toc-section\" id=\"debug_radius_all\"><\/span><strong>debug radius all<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p class=\"codemulti\">cisco-asa# debug radius all<\/p>\n<p>RADIUS packet decode (response)<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>Raw packet data (length = 34)&#8230;..<br \/>02 3a 00 22 e6 28 3c 24 8a d4 87 c1 71 16 ce de&nbsp;&nbsp;&nbsp; |&nbsp; .:.&#8221;.(&lt;$&#8230;.q&#8230;<br \/>74 1d 46 81 19 0e 4f 55 3d 54 65 73 74 55 73 65&nbsp;&nbsp;&nbsp; |&nbsp; t.F&#8230;OU=TestOU; |<\/p>\n<p>Parsed packet data&#8230;..<br \/>Radius: Code = 2 (0x02)<br \/>Radius: Identifier = 58 (0x3A)<br \/>Radius: Length = 34 (0x0022)<br \/>Radius: Vector: E6283C241AD487C17016CBDE741D4681<br \/>Radius: Type = 25 (0x19) Class<br \/>Radius: Length = 14 (0x0E)<br \/>Radius: Value (String) =<br \/>4f 55 3d 54 65 73 74 55 73 65 72 3b&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; OU=TestOU;<br \/>rad_procpkt: ACCEPT<br \/>RADIUS_ACCESS_ACCEPT: normal termination<br \/>RADIUS_DELETE<br \/>remove_req 0xab9dfcec session 0x413e id 58<br \/>free_rip 0xab9dfcec<br \/>radius: send queue empty<\/p>\n<h4><span class=\"ez-toc-section\" id=\"show_vpn-sessiondb_webvpn\"><\/span><strong><\/strong><strong>show vpn-sessiondb webvpn<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p class=\"codemulti\">cisco-asa# sh vpn-sessiondb webvpn<\/p>\n<p>Session Type: WebVPN<\/p>\n<p>Username&nbsp;&nbsp;&nbsp;&nbsp; : Test &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Index&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 2395<br \/>Public IP&nbsp;&nbsp;&nbsp; : 88.88.88.88<br \/>Protocol&nbsp;&nbsp;&nbsp;&nbsp; : Clientless<br \/>License&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : SSL VPN<br \/>Encryption&nbsp;&nbsp; : RC4&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Hashing&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : SHA1<br \/>Bytes Tx&nbsp;&nbsp;&nbsp;&nbsp; : 52548&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Bytes Rx&nbsp;&nbsp;&nbsp;&nbsp; : 21453<br \/>Group Policy : TestOU &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Tunnel Group : WebVPN<br \/>Login Time&nbsp;&nbsp; : 09:27:03 cdt Wed May 2 2012<br \/>Duration&nbsp;&nbsp;&nbsp;&nbsp; : 0h:11m:55s<br \/>Inactivity&nbsp;&nbsp; : 0h:00m:00s<br \/>NAC Result&nbsp;&nbsp; : Unknown<br \/>VLAN Mapping : N\/A&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; VLAN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : none<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Caveats\"><\/span><strong>Caveats<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The main caveat with this configuration method is when using the same AAA server for different tunnel-groups. If the same authentication-server-group (RADUIS server) is assigned, when the <span style=\"color: #000000;\" class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\">RADIUS Attribute 25 is returned the user will be assigned to the relevant group-policy based on their OU regardless of which tunnel-group they have arrived on.<\/span><\/span><\/span><\/span><\/p>\n<p><span style=\"color: #000000;\" class=\"content\"><span class=\"content\"><span class=\"content\"><span class=\"content\">As you can imagine this can cause a number of complications especially when arriving via an IPSEC tunnel-group only to then be assigned to a WebVPN group policy. The result to the client is a &#8220;<span style=\"color: #ff0000;\"><em><strong>Reason 433: Reason Not Specified by Peer<\/strong><\/em><\/span>&#8220;<\/span><\/span><\/span><\/span><\/p>\n<p>The work around to this is to assign different users or authentication-server-groups to each tunnel-group.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Purpose The purpose of this document is to explain the configuration methods required to assign to a group-policy to a user based on their OU group. Summary The Cisco ASA firewall includes the ability to assign a user to a group policy based on their OU group. This is achieved via the use of the &#8230; <a title=\"Cisco ASA &#8211; Group-policy assignment based on OU\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\" aria-label=\"Read more about Cisco ASA &#8211; Group-policy assignment based on OU\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cisco ASA - Group-policy assignment based on OU - Fir3net<\/title>\n<meta name=\"description\" content=\"Purpose The purpose of this document is to explain the configuration methods required to assign to a group-policy to a user based on their OU group.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cisco ASA - Group-policy assignment based on OU - Fir3net\" \/>\n<meta property=\"og:description\" content=\"Purpose The purpose of this document is to explain the configuration methods required to assign to a group-policy to a user based on their OU group.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2012-06-01T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-24T18:15:16+00:00\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Cisco ASA &#8211; Group-policy assignment based on OU\",\"datePublished\":\"2012-06-01T00:00:00+00:00\",\"dateModified\":\"2021-07-24T18:15:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\"},\"wordCount\":774,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"articleSection\":[\"Cisco Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\",\"name\":\"Cisco ASA - Group-policy assignment based on OU - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"datePublished\":\"2012-06-01T00:00:00+00:00\",\"dateModified\":\"2021-07-24T18:15:16+00:00\",\"description\":\"Purpose The purpose of this document is to explain the configuration methods required to assign to a group-policy to a user based on their OU group.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Cisco Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/cisco\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Cisco ASA &#8211; Group-policy assignment based on OU\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cisco ASA - Group-policy assignment based on OU - Fir3net","description":"Purpose The purpose of this document is to explain the configuration methods required to assign to a group-policy to a user based on their OU group.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html","og_locale":"en_US","og_type":"article","og_title":"Cisco ASA - Group-policy assignment based on OU - Fir3net","og_description":"Purpose The purpose of this document is to explain the configuration methods required to assign to a group-policy to a user based on their OU group.","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html","og_site_name":"Fir3net","article_published_time":"2012-06-01T00:00:00+00:00","article_modified_time":"2021-07-24T18:15:16+00:00","author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Cisco ASA &#8211; Group-policy assignment based on OU","datePublished":"2012-06-01T00:00:00+00:00","dateModified":"2021-07-24T18:15:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html"},"wordCount":774,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"articleSection":["Cisco Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html","name":"Cisco ASA - Group-policy assignment based on OU - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"datePublished":"2012-06-01T00:00:00+00:00","dateModified":"2021-07-24T18:15:16+00:00","description":"Purpose The purpose of this document is to explain the configuration methods required to assign to a group-policy to a user based on their OU group.","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-displaying-webvpn-bookmarks-based-on-ldap-ou.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Cisco Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/cisco"},{"@type":"ListItem","position":5,"name":"Cisco ASA &#8211; Group-policy assignment based on OU"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/676"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=676"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/676\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}