I would like to know if anyone is trying to validate VPN clients (SSL) in an MX with an AD, assigning permissions according to the profile configured in the AD? In the Meraki documentation, it is stated that this would not be possible, which suggests to me a very important security vulnerability, once a client is connected.
Is it possible to link the AD configuration carried out in the VPN clients section with the policy profiles in the AD section?
If you want to assign differentiated permissions to VPN clients, your AnyConnect users have to be authenticated with RADIUS (which in turn can use AD). The RADIUS server can return the name of a group policy that restricts the user's access.
Thanks to both! The access will not be via AnyConnect, but via the native VPN of the device that the user has. Would it still work with RADIUS? I cannot force a client to have RADIUS, but I can propose it, although I find the change difficult. It should be resolved by Meraki.