For basic AnyConnect configuration, see my other post, "[Original] ASA 9.0 and later AnyConnect VPN Configuration Guide"
http://bbs.csc-china.com.cn/forum.php?mod=viewthread&tid=980080

Part 1: Set remote-access permissions

ciscoasa(config)# username cisco attributes
ciscoasa(config-username)# service-type remote-access
Gives the user remote-access rights only; the user cannot manage the device.

ciscoasa(config)# aaa authorization exec LOCAL
Authorizes local users through AAA.

Part 2: Restrict access to specific resources

This can be done by defining multiple Group-Policies and configuring the vpn-filter attribute under each Group-Policy.

1. Define an ACL that allows access to all resources
access-list rule1 extended permit ip any any

2. Define an ACL that allows access only to port 3389 on one server
access-list rule2 extended permit tcp any host 192.168.1.10 eq 3389

3. Define Group-Policy 1
group-policy Policy1 internal
group-policy Policy1 attributes
 dns-server value 8.8.8.8
 vpn-filter value rule1
 vpn-tunnel-protocol ssl-client

4. Define Group-Policy 2
group-policy Policy2 internal
group-policy Policy2 attributes
 dns-server value 8.8.8.8
 vpn-filter value rule2
 vpn-tunnel-protocol ssl-client

5. Apply the Group-Policy under each user
username vpnuser1 attributes
 vpn-group-policy Policy1
username vpnuser2 attributes
 vpn-group-policy Policy2
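
An added example, not part of the original post: a small Python audit that parses an ASA configuration shaped like the one above and reports, per VPN user, a missing service-type remote-access, a vpn-group-policy that resolves to no vpn-filter ACL, or a filter that permits everything. The function name audit, the sample text and the user vpnuser3 are assumptions made for illustration.

```python
import re

# Constructed sample: the post's ACLs, policies and users, plus a hypothetical vpnuser3.
SAMPLE_CONFIG = """\
access-list rule1 extended permit ip any any
access-list rule2 extended permit tcp any host 192.168.1.10 eq 3389
group-policy Policy1 attributes
 vpn-filter value rule1
group-policy Policy2 attributes
 vpn-filter value rule2
username vpnuser1 attributes
 vpn-group-policy Policy1
 service-type remote-access
username vpnuser2 attributes
 vpn-group-policy Policy2
 service-type remote-access
username vpnuser3 attributes
 vpn-group-policy Policy3
"""

def audit(config):
    """Return sorted (user, finding) pairs for usernames with an attributes block."""
    acls, attrs, section = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"access-list (\S+) extended (.+)", line):
            acls.setdefault(m[1], []).append(m[2].strip())
        elif m := re.match(r"(group-policy|username) (\S+) attributes", line):
            section = attrs.setdefault((m[1], m[2]), {})
        elif line.startswith(" ") and line.strip() and section is not None:
            key, _, value = line.strip().partition(" ")
            section[key] = value  # e.g. "vpn-filter" -> "value rule1"
        else:
            section = None  # any top-level line ends the attributes block
    users = {name: a for (kind, name), a in attrs.items() if kind == "username"}
    findings = []
    for user, a in users.items():
        if a.get("service-type") != "remote-access":
            findings.append((user, "no service-type remote-access"))
        policy = attrs.get(("group-policy", a.get("vpn-group-policy")), {})
        aces = acls.get((policy.get("vpn-filter") or "none").split()[-1])
        if aces is None:
            findings.append((user, "no vpn-filter ACL found via vpn-group-policy"))
        elif "permit ip any any" in aces:
            findings.append((user, "unrestricted: vpn-filter permits ip any any"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_CONFIG):
        print(f"{user}: {finding}")
```

The script follows only username, vpn-group-policy and vpn-filter; a policy inherited from the connection profile or DfltGrpPolicy is not resolved and shows up as a missing filter.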