Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
316
Views
0
Helpful
1
Replies

ISE anyconnect access with AD

mickyq
Level 1
Level 1

‎04-21-2016 01:18 AM - edited ‎03-10-2019 11:41 PM

Is it possible to use the ISE to permit specific anyconnect url access using a specific AD group?

the problem I have is there are several anyconnect vpn url's available but the AD group the ISE is using is the VPN_Access group. Within the VPN_Access group are more groups with users in. The user can use any anyconnect url and gain access.

Is there a way to match an incoming url to a specific group in the VPN_Access group

Labels:
0 Helpful
1 Reply 1

jan.nielsen
Level 7
Level 7

‎04-22-2016 05:43 AM

I believe that the ASA sends the tunnel-group name that the users is hitting, with the radius request, tunnel-group is normally mapped in the ASA to a specific url. You could create multiple authorization rules that have condition matches on the pairs og tunnel group names and a specific AD group you have, to allow access, and then deny everything else.

0 Helpful
Customers Also Viewed These Support Documents