cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
884
Views
5
Helpful
2
Replies

AnyConnect: How to restrict a LOCAL user to certain a profile?

swscco001
Level 3
Level 3

Hello everybody,

 

a customer is working with a ASA (rel. 9.8(4)39) and AnyConnect 4.5.

 

They have many LOCAL users and several AnyConnect profiles with Group URLs.

At the moment every LOCAL user can use different Group URLs for login

and so they get different restrictions by the SplitTunnel ACLs.

 

They want to restrict certain LOCAL users so they can login just with a

certain Group URL in his AnyConnect client.

Is this possible for LOCAL users or do he need to change to AD, RADIUS or

TACACS for this.?

 

If this is possible to bind the user to a certain AnyConnect profile (Group URL)

how this can be configured?

Every hint is welcome!

 

Thanks  a lot!


Greetings,

R.

 

1 Accepted Solution

Accepted Solutions

You can force the user to use a specific Connection profile, if that is what you mean?

If this is a local user you can configure this on the user account

username USERNAME attributes
 group-lock value CONNECTION-PROFILE

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

2 Replies 2

You can force the user to use a specific Connection profile, if that is what you mean?

If this is a local user you can configure this on the user account

username USERNAME attributes
 group-lock value CONNECTION-PROFILE

--
Please remember to select a correct answer and rate helpful posts

swscco001
Level 3
Level 3

Hi Marius,

great!

This solved the issue.

Thanks a lot!


Bye
R.
 

Review Cisco Networking for a $25 gift card