cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
535
Views
0
Helpful
3
Replies

Anyconnect IPSEC VPN with different access

UCguy42
Level 1
Level 1

Good afternoon,

 

    I wanted to know how would I be able to setup different access via an anyconnect IPSEC configuration? I need two groups where one group of admins have open access and another group where users are allowed to access specific servers. I can do it in the old IPsec configuration with the old VPN Client and SSL VPN, but I don't know how to do it for this type. Any help is much appreciated.

 

 

Edit: I'm using local user authentication currently.

1 Accepted Solution

Accepted Solutions

You could create two Connection Profiles, one for your users and one for IT workers with different filter acls (or different split tunnel acls)

Then use different group urls for these Connection Profiles or bind the local users to the certain group, I believe it is called VPN Group Lock.

View solution in original post

3 Replies 3

Hi @UCguy42 

Yes, there are a few ways to do this, it depends on your authentication method. If you were using LDAP you can authorise the users depending on group membership and configure a different policy per group. Example:-

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html

 

You can do something similar with RADIUS (Windows NPS or ISE), NPS RADIUS example:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/117641-config-asa-00.html

 

Thank you! But I'm using local authentication for these users right now. I'm looking at the documents right now.

You could create two Connection Profiles, one for your users and one for IT workers with different filter acls (or different split tunnel acls)

Then use different group urls for these Connection Profiles or bind the local users to the certain group, I believe it is called VPN Group Lock.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: