
Can anyone explain the "vpn-filter value" command etc. in AnyConnect VPN?

eigrpy

Hi

In AnyConnect VPN, there are two commands, which I highlighted in bold. I checked them with "?" after the command, but I still cannot understand them or why they need to be used here. I hope someone can explain them for me. Thank you.

 

group-policy Authority internal
group-policy Authority attributes
 vpn-filter value Access_List
 vpn-tunnel-protocol ssl-clientless
 group-lock value Third_Party
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value County_Access

 

-------- The following is what I checked out:

group-lock    Enter name of an existing tunnel-group that users are required to connect with
vpn-filter    Enter name of a configured ACL to apply to users

 

 

Accepted Solution

Marvin Rhoads

The vpn-filter adds an additional layer of security to the remote access VPN by adding an access-list to all traffic that comes from the remote users.

For instance, you may want to restrict them to a subnet (which you can do in the overall tunnel-group) and then further say only HTTP to servers A, B and C (for which you would use the access-list specified by the vpn-filter).

The group-lock prevents defined users from choosing other available group policies from the drop-down list.

For instance, you may want to restrict general VPN users from using an unrestricted group reserved for IT admins. Or only allow external vendors to connect to a group designated for them that restricts access to a set of DMZ resources.
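
A constructed ASA configuration for the external-vendor scenario described in the answer above, added here as an illustration and not posted by anyone in the thread. All object names (VENDOR_*), the 10.99.0.0/24 client pool and the 192.0.2.x server addresses are assumptions.

```cisco
! Constructed example. Names and addresses are placeholders, not from the thread.
! Assumed: AnyConnect clients are assigned 10.99.0.0/24; servers A, B, C are 192.0.2.11-13.
ip local pool VENDOR_POOL 10.99.0.10-10.99.0.200 mask 255.255.255.0

! vpn-filter ACL, enforced on the ASA for traffic inside the tunnel.
! VPN client addresses go in the source position, inside hosts in the destination position.
access-list VENDOR_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 192.0.2.11 eq www
access-list VENDOR_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 192.0.2.12 eq www
access-list VENDOR_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 192.0.2.13 eq www
! Explicit logged deny so blocked attempts show up in syslog and in hit counts.
access-list VENDOR_FILTER extended deny ip any any log

! Split-tunnel list: tells the client which destinations to route into the tunnel.
! It is a routing instruction to the client, not an access control; the filter above does the enforcement.
access-list VENDOR_SPLIT standard permit 192.0.2.0 255.255.255.0

group-policy VENDOR_GP internal
group-policy VENDOR_GP attributes
 vpn-filter value VENDOR_FILTER
 ! ssl-client is the full AnyConnect client. Per the ASA command reference,
 ! clientless SSL VPN sessions do not use the ACL named by vpn-filter.
 vpn-tunnel-protocol ssl-client
 ! Login is refused unless the user connected through tunnel-group VENDOR_TG.
 group-lock value VENDOR_TG
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VENDOR_SPLIT
 address-pools value VENDOR_POOL

tunnel-group VENDOR_TG type remote-access
tunnel-group VENDOR_TG general-attributes
 default-group-policy VENDOR_GP
tunnel-group VENDOR_TG webvpn-attributes
 group-alias Vendors enable

! Checks after a test login (replace <username> with the test account):
! the session detail shows the filter name applied, and the hitcnt values
! show which ACL entries the session actually matched.
show vpn-sessiondb detail anyconnect filter name <username>
show access-list VENDOR_FILTER
```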

Thank you so much for your excellent explanation!

You're welcome.

Please mark your question as answered if it has been.

Hi Marvin, Thanks for the explanation. I would be grateful if you can explain the difference between "split-tunnel-network-list" value & "vpn-filter" value.