07-08-2015 01:01 PM - edited 02-21-2020 08:20 PM
Hi
In AnyConnect VPN, there are two commands, which I highlighted in bold. I checked them with "?" behind the command, but I still cannot understand them and why they need to be used here. I hope someone can explain them for me. Thank you
group-policy Authority internal
group-policy Authority attributes
vpn-filter value Access_List
vpn-tunnel-protocol ssl-clientless
group-lock value Third_Party
split-tunnel-policy tunnelspecified
split-tunnel-network-list value County_Access
-------- following is what I checked out:
group-lock Enter name of an existing tunnel-group that users are required to connect with
vpn-filter Enter name of a configured ACL to apply to users
07-08-2015 01:18 PM
The vpn-filter adds an additional layer of security to the remote access VPN by adding an access-list to all traffic that comes from the remote users.
For instance, you may want to restrict them to a subnet (which you can do in the overall tunnel-group) and then further say only http to servers A, B and C (for which you would use the access-list specified by the vpn-filter).
The group-lock prevents defined users from choosing other available group policies from the drop-down list.
For instance, you may want to restrict general VPN users from using an unrestricted group reserved for IT admins. Or only allow external vendors to connect to a group designated for them that restricts access to a set of DMZ resources.
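The two commands in context, as an added ASA configuration example that is not from the original post or the accepted answer. It assumes an AnyConnect address pool of 10.10.10.0/24, an internal web server at 192.168.1.10, a DNS server at 192.168.1.5, a second connection profile named IT_Admins and a user named vendor1; all of these are placeholder values.

```cisco
! --- vpn-filter: restrict what vendors can reach once the tunnel is up ---
! The ACL is written from the remote user's point of view: source = VPN
! client address (from the pool), destination = internal resource and port.
! The ASA enforces it on decrypted traffic leaving the tunnel and on the
! return traffic, so one ACE per service is enough. Because VPN traffic
! bypasses interface ACLs by default (sysopt connection permit-vpn), this
! filter is the main place the vendor's reach is limited. Do not reuse an
! ACL that serves as a vpn-filter as an interface access-group.
access-list Access_List extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 80
access-list Access_List extended permit udp 10.10.10.0 255.255.255.0 host 192.168.1.5 eq 53
! Everything else is dropped by the ACL's implicit deny.

! --- Connection profiles (tunnel-groups) shown in the AnyConnect drop-down ---
! Vendor profile: hands out the restricted group policy by default.
tunnel-group Third_Party type remote-access
tunnel-group Third_Party general-attributes
 default-group-policy Authority
tunnel-group Third_Party webvpn-attributes
 group-alias Vendors enable
! Admin profile: unrestricted group policy (assumed to exist), reserved for IT.
tunnel-group IT_Admins type remote-access
tunnel-group IT_Admins general-attributes
 default-group-policy Admin_Policy
tunnel-group IT_Admins webvpn-attributes
 group-alias Admins enable

! --- Group policy for vendors ---
group-policy Authority internal
group-policy Authority attributes
 vpn-filter value Access_List
 ! group-lock ties the policy to one tunnel-group: a user who receives this
 ! policy but logged in through any other connection profile is rejected,
 ! so picking "Admins" from the drop-down does not help the vendor.
 group-lock value Third_Party
 vpn-tunnel-protocol ssl-client

! Bind the vendor account to the restricted policy so it applies regardless
! of which alias the user selects.
username vendor1 attributes
 vpn-group-policy Authority

! --- Checks after a vendor connects ---
! show vpn-sessiondb anyconnect filter name vendor1   (confirms group policy and tunnel-group)
! show access-list Access_List                         (hit counts prove the filter is evaluated)
```

With this in place a login by vendor1 through the Admins alias fails at authorization, and a successful login through Vendors can only reach the two permitted services.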
07-10-2015 07:56 AM
Thank you so much for your excellent explanation !
07-10-2015 08:00 AM
You're welcome.
Please mark your question as answered if it has been.