Showing results for 
Search instead for 
Did you mean: 

Allow AnyConnect user just to 2 servers?




We use the AnyConnect VPN for our Corperate users which have access to most servers on various ports on a /24 subnet.  I have been asked to allow an external company to 2 of our internal servers on file share ports (usual TCP/UDP 135-139, TCP 445).  How can I achieve this without have to create a new subnet, do all the routing and create the new VPN profile, is there an easier way where I can use our existing AnyConnect profile and lock down a single IP for this user as they only need 1 user to connect?



3 Replies 3

Mohammed al Baqari
VIP Advisor VIP Advisor
VIP Advisor
If your anyocnnect use AD authentication then its easy. Use AD attributes
such as company name to select specific group
-policy/tunnelgroup. This group-policy should have split tunnel ACL to
allow access to these servers only from any IP in the local pool. You can
have a vpn-filter ACL as well under the group-policy

In this case, no matter what IP they get then won't connect to anything
outside the split ACL and vpn-filter. You can also use group-lock to make
sure that their accounts can connect to this group-policy only and nothing
else from the dropdown (in case you have group select enabled).



Yes we use AD authentication.  All VPN users currently use 1 AD group to get access.  We use an AD Radius server (NPS - Network Policy Server).


For example would I need to create a new AD group and put this user into it, then Add a new policy to the NPS server to allow access?


I then use this new AD group for the group-policy?  This group-policy would then have split tunnel ACL to allow access to these 2 servers only?


That is another way of doing it which will work as well. Then you can
download your crypto ACLs using radius attributes. What I was referring to
is to use same AD group but different AD attribute (such as company or
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers