Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1418
Views
5
Helpful
1
Replies

Anyconnect setup with multiple connection profiles and radius

robertokippins
Level 1
Level 1

‎12-10-2019 02:15 PM - edited ‎02-21-2020 09:49 PM

Hello I have anyconnect VPN configured with multiple connection profiles on my ASA firewall and the firewall authenticates with a Windows radius server.

 

image.jpg

I'm trying to separate the access for different users but any user account can authenticate with all the connection profiles. How can I keep this authentication separate so that non admins cannot use the Administrator profile and so on?

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎12-10-2019 02:42 PM

Hi,
You could use the radius attribute "Cisco-VPN3000:CVPN3000/ASA/PIX7x-Tunnel-Group-Name CONTAINS <TUNNEL NAME>" inconjunction with the AD group to authenticate the users to the different tunnel groups (aka connection profiles). In your example you'd create 3 rules, 1 for each tunnel-group/connection profile.

 

Here is an example, although it's for ISE, it is the same principle.

 

HTH

Customers Also Viewed These Support Documents
Top