06-17-2013 08:23 AM - edited 02-21-2020 06:57 PM
Hello,
Here is our scenario. We have three (3) separate AnyConnect connection profiles, each with different levels of access enforced through ACL filters. We have aliases configured for each connection profile in order for each group member to be able to choose his group when logging in to AnyConnect. Authentication is done via LDAP to one single server/domain instance on which all users have accounts. Given our scenario and without using multi-factor authentication, is there any way to keep a user from logging in to a connection profile in the AnyConnect client which he shouldn't have access to?
Thanks,
-Mike
06-17-2013 07:50 PM
You should be able to do this with tunnel-group locking. Link.
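Added example, not part of the original reply and not taken from the linked document: one way tunnel-group locking can be combined with the single LDAP server described in the question, so that directory group membership selects the group policy and each group policy is locked to one connection profile. All names (LDAP-SRV, VPN-GROUP-MAP, GP-*, TG-*, ACL-*), the directory DNs and the address 192.0.2.10 are constructed placeholders, and the ACLs are assumed to exist already.

```text
! Constructed names and values throughout; adapt to the real directory.
! 1. Map the user's LDAP group membership to an ASA group policy.
ldap attribute-map VPN-GROUP-MAP
 map-name memberOf Group-Policy
 map-value memberOf CN=VPN-Engineering,OU=Groups,DC=example,DC=com GP-ENGINEERING
 map-value memberOf CN=VPN-Contractors,OU=Groups,DC=example,DC=com GP-CONTRACTORS
!
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-attribute-map VPN-GROUP-MAP
!
! 2. Lock each group policy to exactly one connection profile.
!    A user whose mapped policy is GP-CONTRACTORS is rejected if he
!    picks the Engineering alias, even with valid LDAP credentials.
group-policy GP-ENGINEERING internal
group-policy GP-ENGINEERING attributes
 vpn-filter value ACL-ENGINEERING
 group-lock value TG-ENGINEERING
!
group-policy GP-CONTRACTORS internal
group-policy GP-CONTRACTORS attributes
 vpn-filter value ACL-CONTRACTORS
 group-lock value TG-CONTRACTORS
!
! 3. Default policy for users who match no mapped group: no sessions.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
!
tunnel-group TG-ENGINEERING type remote-access
tunnel-group TG-ENGINEERING general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy GP-NOACCESS
tunnel-group TG-ENGINEERING webvpn-attributes
 group-alias Engineering enable
!
tunnel-group TG-CONTRACTORS type remote-access
tunnel-group TG-CONTRACTORS general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy GP-NOACCESS
tunnel-group TG-CONTRACTORS webvpn-attributes
 group-alias Contractors enable
```

Setting the default group policy to one with `vpn-simultaneous-logins 0` means an account with no mapped group cannot connect through any alias, rather than inheriting a profile's access.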
06-18-2013 01:41 PM
Dear Marvin,
I have a similar situation where I have different connection profiles and group policies where I apply ACLs, and each profile has access to different resources.
My question would be: is there any possibility to allow only specific real IP addresses to initiate a VPN session to the firewall?
Regards,
Nehat