Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5497
Views
25
Helpful
4
Replies

Any one can explain command "vpn-filter" value etc in Anyconnect VPN ?

Go to solution
eigrpy
Level 4
Level 4

‎07-08-2015 01:01 PM - edited ‎02-21-2020 08:20 PM

Hi

In Anyconnect VPN, there are two commands, which I highlighted wild Bold. I checked it with "?" behind the command. But I still cannot understand it and why it need to be used here. I hope some one can explain it for me. Thank you

 

group-policy Authority internal

group-policy Authority attributes

 vpn-filter value Access_List

 vpn-tunnel-protocol ssl-clientless

 group-lock value Third_Party

 split-tunnel-policy tunnelspecified

 split-tunnel-network-list value County_Access

 

-------- following is what I checked out :

group-lock                        Enter name of an existing tunnel-group that users are required to connect with 

vpn-filter                           Enter name of a configured ACL to apply to users

 

 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-08-2015 01:18 PM

The vpn-filter adds an additional layer of security to the remote access VPN by adding an access-list to all traffic that comes from the remote users.

For instance, you may want to restrict them to a subnet (which you can do in the overall tunnel-group) and then further say only http to servers A, B and C (for which you would use the access-list specified by the vpn-filter).

The group-lock prevents defined users from choosing other available group polices from the drop down list.

For instance, you may want to restrict general VPN users from using an unrestricted group reserved for IT admins. Or only allow external vendors to connect to a group designated for them that restricts access to a set of DMZ resources.

View solution in original post

4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-08-2015 01:18 PM

The vpn-filter adds an additional layer of security to the remote access VPN by adding an access-list to all traffic that comes from the remote users.

For instance, you may want to restrict them to a subnet (which you can do in the overall tunnel-group) and then further say only http to servers A, B and C (for which you would use the access-list specified by the vpn-filter).

The group-lock prevents defined users from choosing other available group polices from the drop down list.

For instance, you may want to restrict general VPN users from using an unrestricted group reserved for IT admins. Or only allow external vendors to connect to a group designated for them that restricts access to a set of DMZ resources.

Go to solution
eigrpy
Level 4
Level 4
In response to Marvin Rhoads

‎07-10-2015 07:56 AM

Thank you so much for your excellent explanation !  

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to eigrpy

‎07-10-2015 08:00 AM

You're welcome.

Please mark your question as answered if it has been.

Go to solution
sirbulandkhan1
Level 1
Level 1
In response to Marvin Rhoads

‎05-13-2020 04:16 AM

Hi Marvin, Thanks for the explanation. I would be grateful if you can explain the difference between "split-tunnel-network-list" value & "vpn-filter" value.
0 Helpful
Customers Also Viewed These Support Documents