https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3375017#M960665 <P>Have you tried applying these rules using tunnel policies?</P> Sun, 29 Apr 2018 09:20:27 GMT Marius Gunnerud 2018-04-29T09:20:27Z https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3374985#M960594 <P>Hello,</P> <P>&nbsp;</P> <P>After deploying Anyconnect VPN and successfully allowing the Anyconect IP Pool to access the internal network resource, now I am facing challenges to deploy a internet policy for these Anyconnect VPN user.</P> <P>&nbsp;</P> <P>I want to restrict the Anyconnect users going out on the internet using a AD username based policy.</P> <P>&nbsp;</P> <P>When I create a outside to outside policy keeping the source as the Anyconnect VPN pool and destination as any with defined AD users and applications like outlook then this policy doesn't hit.</P> <P>&nbsp;</P> <P>It seems that the FTD is not able to check the AD users added to the policy.</P> <P>&nbsp;</P> <P>The rest of the inside to outside policies based on AD username, are working perfectly fine !</P> <P>&nbsp;</P> <P>Please let me know your views on this.</P> Fri, 21 Feb 2020 15:40:57 GMT https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3374985#M960594 er.ankitsharma 2020-02-21T15:40:57Z https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3375017#M960665 <P>Have you tried applying these rules using tunnel policies?</P> Sun, 29 Apr 2018 09:20:27 GMT https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3375017#M960665 Marius Gunnerud 2018-04-29T09:20:27Z https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3375191#M960666 <P>Hi Marius,</P> <P>&nbsp;</P> <P>I haven't tried applying these using tunnel policies.</P> <P>&nbsp;</P> <P>Can we use tunnel policies for Anyconnect VPN and also can we restrict traffic based on usernames using tunnel policies ?</P> <P>&nbsp;</P> <P>Also I noticed connection events where the 'initiator user' column&nbsp; says 'no authentication required' for the Anyconnect traffic.</P> Mon, 30 Apr 2018 03:09:49 GMT https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3375191#M960666 er.ankitsharma 2018-04-30T03:09:49Z https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3375237#M960667 <P><STRONG><EM>Can we use tunnel policies for Anyconnect VPN and also can we restrict traffic based on usernames using tunnel policies ?</EM></STRONG></P> <P><SPAN>As far as I know, it is not possible to restrict traffic based on usernames using tunnel policies.</SPAN></P> Mon, 30 Apr 2018 07:32:58 GMT https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3375237#M960667 Marius Gunnerud 2018-04-30T07:32:58Z https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3375264#M960668 <P>&nbsp;</P> <P>I think we cannot use tunnel policy for this issue. And now I have resolved this issue using Identity policies.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thanks!</P> Mon, 30 Apr 2018 08:28:23 GMT https://community.cisco.com/t5/network-security/ftd-anyconnect-internet-ad-user-based-policy/m-p/3375264#M960668 er.ankitsharma 2018-04-30T08:28:23Z