Forum Discussion
How to add assign VPN IP based on AD group membership
Create two lease pools. One for 10.10.10.0/24 (i.e. lease-pool-us) and one for 10.10.20.0/24 (lease-pool-uk). Then create two Network Access resources, one for us, one for uk and use the corresponding lease pool in it.
then create a visual policy with different paths for different AD groups, in the one path do the Network Access assignment for us and in the other do the uk assignment.
Thanks for the reply ...
So I have to create AD query with multiple (3) fallback : one for US_AD_F5 & one for UK_AD_F5 and ast fallback is DENY .
- Scot_JCNov 18, 2022Employee
Hi,
You can also set the ADQuery agent with a single "Successful" branch (configured with the expression "AD Query has passed") and leverage the AD Group Resource Assign agent: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-assignment-items/about-ad-group-resource-assign.html
Regards,
- boneyardNov 27, 2022MVP
That would work yes. Did you get this worked out? If so please flag the question as answered.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com