02-01-2016 12:44 PM
I currently have an AnyConnect SSL VPN connection for my outside users. But I have a vendor that does not want to create an IPsec tunnel, but wants a remote connection to remote into a server on my network. How can I lock down an account to one or a few servers without giving access to the whole network?
02-01-2016 01:17 PM
Hello,
You can configure a VPN filter in the group policy. You can follow this documentation to configure the filter; remember that the access-list should be configured in the inbound direction:
http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html
Regards, please rate.
02-01-2016 01:35 PM
How do I apply this to one user or group?
02-01-2016 01:47 PM
Hello,
You can apply this in a group policy.
Create the access-list:
access-list vpnfilt-ra permit ip remote_IP mask local_ip mask
then:
group-policy test attributes
vpn-filter value vpnfilt-ra
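
The filter from the replies above, worked through for a single vendor account, as an added example that is not part of the original posts. It assumes a local ASA user; the names VENDOR-FILTER, VENDOR-GP and vendor1, the AnyConnect pool 10.10.50.0/24, the server 192.168.1.20 and the RDP port are constructed placeholders.

```cisco
! Constructed values: pool 10.10.50.0/24, server 192.168.1.20, RDP (tcp/3389).
! In a vpn-filter ACL the remote (VPN client) addresses are the source and
! the local (inside) addresses are the destination, matching the
! "remote_IP mask local_ip mask" order shown above.
access-list VENDOR-FILTER extended permit tcp 10.10.50.0 255.255.255.0 host 192.168.1.20 eq 3389
! The implicit deny already drops everything else; the explicit entry
! only adds logging of blocked attempts.
access-list VENDOR-FILTER extended deny ip any any log

! Dedicated group policy that carries the filter.
group-policy VENDOR-GP internal
group-policy VENDOR-GP attributes
 vpn-filter value VENDOR-FILTER

! Bind only the vendor's account to that policy; other users keep
! their existing group policy and are not filtered by this ACL.
username vendor1 attributes
 vpn-group-policy VENDOR-GP
 service-type remote-access
```

To allow a second server, add another permit line above the deny entry. Keep this ACL dedicated to the vpn-filter rather than reusing one that is also bound to an interface with access-group.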