Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
682
Views
5
Helpful
3
Replies

Cisco ASA VPN profiles with differnets access rules

Go to solution
sam cook
Spotlight
Spotlight

‎11-14-2018 08:34 AM

Hi,

 

I need to setup a remote access VPN with 3 profiles.

 

My question is where on ASDM, can I configure accss rules for each profile :

 

For example :

 

Profiles 1 : access all VLANS

Profiles 2 access only VLAN 200

Profile 3 : acces VLAN 150 and VLAN 162

 

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mls577
Level 1
Level 1
In response to sam cook

‎11-16-2018 06:37 PM

You can accomplish this a number of different ways. 

 

The first thing I would do however would be to setup a split tunnel policy for anyconnect. You will want this because otherwise the default is to have all traffic (including internet traffic) go through the anyconnect connection. You will likely want to only have traffic destined for your network go through the anyconnect connection. You'll want to setup one of those per-group.

 

After you've done that, then you can use either 1) a dynamic access policy  2) a vpn filter. to filter access to stuff. 

 

If you only care about giving access to the networks themselves, and aren't restricting by specific ip or ports, you can forego the DAP or vpn filter, as your split tunnel can handle only making available certain networks on anyconnect. 

 

 

 

View solution in original post

3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-14-2018 12:18 PM

Look at the below guide for reference :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/asdm78/vpn/asdm-78-vpn-config/vpn-asdm-setup.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
sam cook
Spotlight
Spotlight
In response to balaji.bandi

‎11-15-2018 12:52 AM

Hi balaji.bandi,

 

Can you please be more prcise about what to do ?

 

Or what section in this document could help me ?

 

regards,

0 Helpful

Go to solution
mls577
Level 1
Level 1
In response to sam cook

‎11-16-2018 06:37 PM

You can accomplish this a number of different ways. 

 

The first thing I would do however would be to setup a split tunnel policy for anyconnect. You will want this because otherwise the default is to have all traffic (including internet traffic) go through the anyconnect connection. You will likely want to only have traffic destined for your network go through the anyconnect connection. You'll want to setup one of those per-group.

 

After you've done that, then you can use either 1) a dynamic access policy  2) a vpn filter. to filter access to stuff. 

 

If you only care about giving access to the networks themselves, and aren't restricting by specific ip or ports, you can forego the DAP or vpn filter, as your split tunnel can handle only making available certain networks on anyconnect. 

 

 

 

Customers Also Viewed These Support Documents