
Anyconnect VPN client - Users

thomas.green
Level 1

Is there a way to have specific user IDs access defined servers via the AnyConnect client version 2.5.0217 to an ASA5510? The idea is to limit outside contractors to only the resources they need. This was possible with the IPsec client with different profiles, but so far I don't see how to do this with this new client. Any help would be greatly appreciated.

TJ

3 Replies

Marcin Latosiewicz
Cisco Employee

TJ,

Which mechanism did you rely on for IPsec?

Downloadable ACLs and split tunneling based on attributes should still be an option ...

Also cut through proxy should work.

Marcin

edit: Added mention about CTP.

When using IPsec we had multiple profiles defined for special-purpose users and needs. The profile included a network list that defined which servers those users had access to. The IPsec client has the capability to enter a group and password. The group defined at the client would then translate to the profile at the ASA. I hope this helped.

TJ

Thomas,

Depending on your config, AnyConnect users also land on a group-policy and tunnel-group.

You can check out which ones those are by doing "show vpn-sessiondb det svc".

Please note that by default those might be DefaultRAgroup and default group policy.

Once you know which group policy you're using, you can for example do vpn-filter (that does not apply to clientless):

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630190

Again, too many possibilities to be taken into account. I would suggest looking into downloadable ACLs as a possible solution, or running VPN clients against CTP ;-)

Marcin
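
A sketch of the vpn-filter approach from the reply above, as an added example that is not part of the original thread. It assumes ASA 8.2 syntax and users in the ASA local database; the pool, ACL, group-policy and user names and all addresses are constructed placeholders.

```cisco
! Constructed values: contractor client pool 10.99.0.0/24,
! permitted servers 192.168.10.20 and 192.168.10.21.
ip local pool CONTRACTOR_POOL 10.99.0.10-10.99.0.50 mask 255.255.255.0
!
! vpn-filter ACL. The VPN client (remote) addresses go in the source
! position and the internal servers in the destination position.
! Do not reuse this ACL in an interface access-group.
access-list CONTRACTOR_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.10.20 eq 3389
access-list CONTRACTOR_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.10.21 eq 443
! Explicit deny with logging so blocked contractor traffic is visible in syslog.
access-list CONTRACTOR_FILTER extended deny ip any any log
!
! Dedicated group policy for contractors (hypothetical name).
group-policy CONTRACTORS internal
group-policy CONTRACTORS attributes
 ! "svc" is the 8.2 keyword for the AnyConnect SSL client.
 vpn-tunnel-protocol svc
 vpn-filter value CONTRACTOR_FILTER
 address-pools value CONTRACTOR_POOL
!
! Pin an existing local user (hypothetical name) to that policy so the
! restriction follows the user ID rather than a client-side profile.
username contractor1 attributes
 vpn-group-policy CONTRACTORS
```

After the contractor connects, "show vpn-sessiondb det svc" should list CONTRACTORS as the group policy for that session. The filter is applied when the session is established, so reconnect the session after changing the ACL.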
