Cisco anyconnect profile connectrion configuration

nor61k · ‎02-11-2022

good day! our task is to configure anyconnect as follows: for user to get attribute 25 from radius server and grant privileges based on it. Hence several questions arose:
1)As i noticed only one group policy(it's name should be equal to attr 25) can be bound to connection profile so how can i make 1 connect profile so users could connect via it and be granted with different rights?
2) how to create policy for every group police? should I create separate acl for every group policy and that's it?
3) how can i provide access to internet for users not through internet but via local internet during anyconnect session

Francesco Molino · ‎02-13-2022

Hi

You can assign only 1 group power user.

You have 2 choices:

- you create as many groups as needed and push these groups through radius and then filter accesses using standard policies

- you have 1 group for all users and push them a vpn filter acl using filter-id attribute or dACL which is passed using cisco av-pair attribute.

Your radius is Cisco ISE or something else?

Your last question is to provide internet access to anyconnect using their local internet (so split tunnel should be used) or through central internet (full tunnel should be configured).

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question