We defined an LDAP group referencing our AD:
Account Unit: ad.lair.co.za__AD
Group's scope: Only group in branch (DN prefix)
Prefix: CN=vpn_access,OU=Firewall,OU=Security Groups,OU=Syrex
We then link this through to the Mobile Access Office Mode settings:
Nested LDAP groups work perfectly for security policy firewall rules but VPN access is not granted unless members are direct members of the vpn_access AD security group.
Is this a bug, known limitation or is there a setting I should be changing somewhere?