Enforcing logon hours and time-of-day rules – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Appendix C Configuring an External Server for Authorization and Authentication

Configuring an External LDAP Server

Figure C-11 Login Denied Message for AnyConnect Client User

Enforcing Logon Hours and Time-of-Day Rules

The following example shows how to configure and enforce the hours that a clientless SSL user (such as
a business partner) is allowed to access the network.

On the AD server, enter the name of the partner in the Office field, which is stored in the
physicalDeliveryOfficeName attribute. Then create an attribute map on the ASA that maps that attribute
to the Cisco attribute Access-Hours. During authentication, the ASA retrieves the value of
physicalDeliveryOfficeName and maps it to Access-Hours.
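
The ASA side of this mapping, as an added example that is not taken from this manual page. It relies on Access-Hours being interpreted as the name of a time-range defined on the ASA; the time-range name Partner, the map name access_hours, the server group LDAP_AD and the address 192.0.2.10 are assumptions, and the remaining LDAP server settings (base DN, bind credentials) are assumed to be configured already.

```cisco
! Constructed example: names and addresses are placeholders.

! 1. Define the permitted window. The name must match, character for
!    character, the string entered in the user's Office field on AD.
time-range Partner
 periodic weekdays 9:00 to 17:00
!
! 2. Map the AD attribute to the Cisco attribute.
ldap attribute-map access_hours
 map-name physicalDeliveryOfficeName Access-Hours
!
! 3. Attach the map to the LDAP server used for authentication.
aaa-server LDAP_AD protocol ldap
aaa-server LDAP_AD (inside) host 192.0.2.10
 ldap-attribute-map access_hours
!
! 4. Verify. The time-range should be listed as active or inactive
!    according to the ASA clock, so confirm clock and time zone first.
show clock
show time-range Partner
!
! 5. During a test login, confirm that the ASA received the attribute
!    and applied the map. Turn debugging off afterwards.
debug ldap 255
no debug ldap 255
```

Because the window is evaluated against the ASA's own clock, an unsynchronized clock or wrong time zone shifts the enforced hours; check `show clock` before relying on the rule.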

To configure the user attributes on the AD/LDAP server, perform the following steps:

Step 1  Select the user, and right-click Properties.

        The Properties dialog box appears (see Figure C-12).

Step 2  Click the General tab.
