cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
389
Views
0
Helpful
1
Replies
muneeb.ali07
Beginner

Cisco AnyConnect | AMP, Umbrella & Multiple Groups

Greetings,

     The environment is running the FMCv with ASA-5506-X backed by Cisco ISE. I have seen public Cisco pages for features but couldn't find much on the following:

 

  1. Multiple Groups in the AnyConnect Client. Is it possible to segregate the users into groups and permissions based on their groups in the AD
  2. Integration of AMP for Endpoint with Cisco AnyConnect. Based on the groups segregation, only specific users should synchronize with AMP for Endpoints
  3. Integration of Umbrella with Cisco AnyConnect. Although, it seems feasible and there is public documentation available for the ASA but in case of FTD, there's limited support on it. Is it possible or integration available for this use case.

ISE version 2.4

FMCv version 6.4.0.9

FTD version 6.4.0.9

 

1 REPLY 1
Rob Ingram
VIP Mentor

Hi @muneeb.ali07 

I assume you want to authorise the users when connecting to a VPN using AnyConnect? If you are using ISE, you would create different authorisation rules using AD groups as conditions. E.g.

 

3.PNG

 

What kind of integration of AnyConnect and Umbrella are you looking for? There is the AnyConnect Umbrella module, which is integrated into the AnyConnect client, running ASA/FTD makes no difference to AnyConnect. If off-site and not connected to the VPN tunnel, DNS requests would go direct to Umbrella. If on the tunnel then the DNS requests are tunneled to the internal DNS server.

Content for Community-Ad