06-27-2022 02:45 AM - edited 06-27-2022 10:56 PM
Hello everybody,
a customer is working with a ASA (rel. 9.8(4)39) and AnyConnect 4.5.
They have many LOCAL users and several AnyConnect profiles with Group URLs.
At the moment every LOCAL user can use different Group URLs for login
and so they get different restrictions by the SplitTunnel ACLs.
They want to restrict certain LOCAL users so they can login just with a
certain Group URL in his AnyConnect client.
Is this possible for LOCAL users or do he need to change to AD, RADIUS or
TACACS for this.?
If this is possible to bind the user to a certain AnyConnect profile (Group URL)
how this can be configured?
Every hint is welcome!
Thanks a lot!
Greetings,
R.
Solved! Go to Solution.
06-28-2022 12:51 AM
You can force the user to use a specific Connection profile, if that is what you mean?
If this is a local user you can configure this on the user account
username USERNAME attributes
group-lock value CONNECTION-PROFILE
06-28-2022 12:51 AM
You can force the user to use a specific Connection profile, if that is what you mean?
If this is a local user you can configure this on the user account
username USERNAME attributes
group-lock value CONNECTION-PROFILE
07-10-2022 10:39 PM
Hi Marius,
great!
This solved the issue.
Thanks a lot!
Bye
R.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide