Thanks a lot for your reply, I will try it and come back to give some news. If I've understood correctly, I modify my group-policy attributes to add:

 group-lock value

and add address-pool ip_pool to my tunnel-group, like:

tunnel-group my_tunnel-group type remote-access
tunnel-group my_tunnel-group general-attributes
 address-pool ip_pool <<< corresponds to the ip local pool ... of this tunnel
 authentication-server-group RADIUS_SRV
 authorization-server-group RADIUS_SRV
 default-group-policy my_group-policy <<< where my group-lock value is defined

Right?
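The layout the reply above describes, written out as an added example (mine, not the poster's or Cisco's configuration); the pool ranges, the names POOL_A/B, GP_TUNNEL_A/B, TUNNEL_A/B, NOACCESS, RADIUS_SRV and the host aa.bb are assumptions. The point it adds is that the group-policy carrying group-lock must be assigned per user by the RADIUS authorization (IETF Class attribute 25, OU=<group-policy-name>), not inherited from the tunnel-group default, or the lock always matches whichever URL the user picked.

```cisco
! Constructed example, not the poster's config. All names and ranges are assumed.
ip local pool POOL_A 10.10.1.10-10.10.1.100 mask 255.255.255.0
ip local pool POOL_B 10.10.2.10-10.10.2.100 mask 255.255.255.0

! One group-policy per tunnel. group-lock ties the policy to one tunnel-group:
! a session landing in any other tunnel-group is refused.
group-policy GP_TUNNEL_A internal
group-policy GP_TUNNEL_A attributes
 vpn-tunnel-protocol ssl-client
 group-lock value TUNNEL_A
group-policy GP_TUNNEL_B internal
group-policy GP_TUNNEL_B attributes
 vpn-tunnel-protocol ssl-client
 group-lock value TUNNEL_B

! Deny-by-default policy for users RADIUS does not map to a tunnel.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! Both tunnel-groups authenticate AND authorize against RADIUS. The default
! policy is the deny policy, so access depends on what RADIUS returns.
tunnel-group TUNNEL_A type remote-access
tunnel-group TUNNEL_A general-attributes
 address-pool POOL_A
 authentication-server-group RADIUS_SRV
 authorization-server-group RADIUS_SRV
 default-group-policy NOACCESS
tunnel-group TUNNEL_A webvpn-attributes
 group-url https://aa.bb/tunnelA enable

tunnel-group TUNNEL_B type remote-access
tunnel-group TUNNEL_B general-attributes
 address-pool POOL_B
 authentication-server-group RADIUS_SRV
 authorization-server-group RADIUS_SRV
 default-group-policy NOACCESS
tunnel-group TUNNEL_B webvpn-attributes
 group-url https://aa.bb/tunnelB enable

! RADIUS side (assumed mapping): for user1@domainA.local the server returns
!   Class (IETF attribute 25) = "OU=GP_TUNNEL_A"
! The ASA then applies GP_TUNNEL_A. If that user connected through
! https://aa.bb/tunnelB, group-lock TUNNEL_A != TUNNEL_B and the session is
! rejected. Without the RADIUS-assigned policy the user would fall into the
! tunnel-group's default policy, whose lock always matches: the original problem.
```

Check a live session with `show vpn-sessiondb anyconnect` to confirm the Group Policy column shows the RADIUS-assigned policy rather than the tunnel-group default.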
Hello, I'm running on ASAv9 and AnyConnect to provide SSL VPN tunnels. Each tunnel gives access to a different network from the outside on a unique public IP address. Each network tunnel can be mounted with a unique URL like https://aa.bb/tunnelA and https://aa.bb/tunnelB. My users are identified by an external RADIUS (user1@domainA.local).

Everything works great except one thing: a user restricted to access tunnelA can mount tunnelB if they know the URL of tunnelB (with a userID defined for tunnelA). For example, in the AnyConnect client, user1@tunnelB.local can open tunnelA at the URL https://aa.bb/tunnelA. This is a huge security risk. I don't know how it's possible.

I've configured each tunnel like this: [Edit] See attached file for config, cannot paste plain text code.

Can anyone explain to me how to link a userID to a tunnel URL or whatever? Maybe it's my RADIUS server which doesn't receive or determine which domain is being accessed when the URL of tunnelA is sent, and can't match the URL domain and the user domain.

Thanks for reading.