Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
375
Views
4
Helpful
3
Replies

Lock Down Remote users access

Joshua Maurer
Level 1
Level 1

‎02-01-2016 12:44 PM

I currently have an Anyconnect VPN SSL connection for my outside users. But I have a vendor that does not what to create an IPSEC tunnel, but whats a remote connection to remote a server on my network. How can I lock down an account to one or a few servers without giving access to the whole network?

Labels:
0 Helpful
3 Replies 3

Diego Lopez
Level 1
Level 1

‎02-01-2016 01:17 PM

Hello,

You can configure a VPN filter in the group policy, you can follow this documentation to configure the filter, remember that the access-list should be configured inbound direction:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html

Regards, please rate.

0 Helpful

Joshua Maurer
Level 1
Level 1
In response to Diego Lopez

‎02-01-2016 01:35 PM

How do I apply this to one user or group?

0 Helpful

Diego Lopez
Level 1
Level 1
In response to Joshua Maurer

‎02-01-2016 01:47 PM

Hello,

You can apply this in a group policy

Create the access-list 


access-list vpnfilt-ra permit ip remote_IP mask local_ip mask

then:

group-policy test attributes

vpn-filter value vpnfilt-ra 

Customers Also Viewed These Support Documents