08-05-2021 11:57 AM - edited 08-05-2021 12:08 PM
Good afternoon,
I wanted to know how I would be able to set up different access via an AnyConnect IPsec configuration. I need two groups, where one group of admins has open access and another group where users are allowed to access specific servers. I can do it in the old IPsec configuration with the old VPN Client and SSL VPN, but I don't know how to do it for this type. Any help is much appreciated.
Edit: I'm using local user authentication currently.
08-05-2021 12:05 PM - edited 08-05-2021 12:06 PM
Hi @UCguy42
Yes, there are a few ways to do this; it depends on your authentication method. If you were using LDAP you can authorise the users depending on group membership and configure a different policy per group. Example:-
You can do something similar with RADIUS (Windows NPS or ISE), NPS RADIUS example:
08-05-2021 12:07 PM
Thank you! But I'm using local authentication for these users right now. I'm looking at the documents right now.
08-06-2021 04:46 AM - edited 08-06-2021 04:46 AM
You could create two Connection Profiles, one for your users and one for IT workers, with different filter ACLs (or different split tunnel ACLs).
Then use different group URLs for these Connection Profiles or bind the local users to a certain group; I believe it is called VPN Group Lock.
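A sketch of the approach described in the answer above, as an added example that is not part of the original thread: two connection profiles (tunnel groups) with separate group policies, a filter ACL on the restricted one, and local users locked to their profile. All names, the address pool and the server addresses are constructed assumptions, and the IKEv2 and AnyConnect baseline configuration is assumed to exist already.

```cisco
! Constructed values: VPN pool 10.99.0.0/24, servers 10.10.10.20 and 10.10.10.21
ip local pool VPN-POOL 10.99.0.10-10.99.0.200 mask 255.255.255.0

! vpn-filter ACLs are written with the VPN client side as source
! and the protected inside host as destination
access-list VPN-USERS-FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 10.10.10.20 eq 443
access-list VPN-USERS-FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 10.10.10.21 eq 3389
access-list VPN-USERS-FILTER extended deny ip any any log

! Admins: no filter applied
group-policy GP-ADMINS internal
group-policy GP-ADMINS attributes
 vpn-tunnel-protocol ikev2
 vpn-filter none

! Regular users: only the servers named in the filter ACL
group-policy GP-USERS internal
group-policy GP-USERS attributes
 vpn-tunnel-protocol ikev2
 vpn-filter value VPN-USERS-FILTER

! One connection profile per group
tunnel-group ADMINS type remote-access
tunnel-group ADMINS general-attributes
 address-pool VPN-POOL
 default-group-policy GP-ADMINS

tunnel-group USERS type remote-access
tunnel-group USERS general-attributes
 address-pool VPN-POOL
 default-group-policy GP-USERS

! Local users (hypothetical names) bound to their profile with group-lock,
! so a restricted user cannot connect through the ADMINS profile
username admin1 attributes
 vpn-group-policy GP-ADMINS
 group-lock value ADMINS
username user1 attributes
 vpn-group-policy GP-USERS
 group-lock value USERS
 service-type remote-access
```

Setting `group-lock` per user is what keeps the restriction enforced when a user selects a different connection profile at login; after a change, `show vpn-sessiondb detail anyconnect` shows which group policy, tunnel group and filter each session received.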