Solved: Re: AnyConnect: How to restrict a LOCAL user to certain a profile?

swscco001 · ‎06-27-2022

Hello everybody,

a customer is working with a ASA (rel. 9.8(4)39) and AnyConnect 4.5.

They have many LOCAL users and several AnyConnect profiles with Group URLs.

At the moment every LOCAL user can use different Group URLs for login

and so they get different restrictions by the SplitTunnel ACLs.

They want to restrict certain LOCAL users so they can login just with a

certain Group URL in his AnyConnect client.

Is this possible for LOCAL users or do he need to change to AD, RADIUS or

TACACS for this.?

If this is possible to bind the user to a certain AnyConnect profile (Group URL)

how this can be configured?

Every hint is welcome!

Thanks a lot!

Greetings,

R.

Marius Gunnerud · ‎06-28-2022

You can force the user to use a specific Connection profile, if that is what you mean?

If this is a local user you can configure this on the user account

username USERNAME attributes
group-lock value CONNECTION-PROFILE

--
Please remember to select a correct answer and rate helpful posts

Marius Gunnerud · ‎06-28-2022

You can force the user to use a specific Connection profile, if that is what you mean?

If this is a local user you can configure this on the user account

username USERNAME attributes
group-lock value CONNECTION-PROFILE

--
Please remember to select a correct answer and rate helpful posts

swscco001 · ‎07-10-2022

Hi Marius,

great!

This solved the issue.

Thanks a lot!

Bye
R.