Cisco ASA VPN profiles with different access rules

sam cook
Spotlight

Hi,

I need to set up a remote access VPN with 3 profiles.

My question is: where in ASDM can I configure access rules for each profile?

For example:

Profile 1: access all VLANs

Profile 2: access only VLAN 200

Profile 3: access VLAN 150 and VLAN 162

Regards

1 Accepted Solution

You can accomplish this a number of different ways.

The first thing I would do, however, would be to set up a split tunnel policy for AnyConnect. You will want this because otherwise the default is to have all traffic (including internet traffic) go through the AnyConnect connection. You will likely want to only have traffic destined for your network go through the AnyConnect connection. You'll want to set up one of those per group.

After you've done that, you can use either 1) a dynamic access policy or 2) a VPN filter to filter access to stuff.

If you only care about giving access to the networks themselves, and aren't restricting by specific IP or ports, you can forego the DAP or VPN filter, as your split tunnel can handle only making available certain networks on AnyConnect.

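The approach the accepted answer describes, as an added example that is not from the thread or from Cisco: the ASA CLI equivalent of what ASDM's Group Policies and AnyConnect Connection Profiles pages configure, with one split-tunnel list per profile and a vpn-filter on the two restricted profiles so the restriction is enforced on the ASA rather than only by client-side routing. The VLAN numbers come from the question; every subnet, pool, and object name is an assumed placeholder, and AnyConnect is assumed to be already enabled on the outside interface.

```cisco
! Added example, not from the thread. Assumed addressing (placeholders):
! VLAN 200 = 10.0.200.0/24, VLAN 150 = 10.0.150.0/24, VLAN 162 = 10.0.162.0/24,
! all internal VLANs within 10.0.0.0/16, AnyConnect client pool 192.168.250.0/24.
ip local pool VPN-POOL 192.168.250.10-192.168.250.200 mask 255.255.255.0
!
! Split-tunnel lists (standard ACLs): only these routes are pushed into the tunnel,
! so Internet traffic stays local instead of hairpinning through the ASA.
access-list SPLIT-ALL standard permit 10.0.0.0 255.255.0.0
access-list SPLIT-VLAN200 standard permit 10.0.200.0 255.255.255.0
access-list SPLIT-VLAN150-162 standard permit 10.0.150.0 255.255.255.0
access-list SPLIT-VLAN150-162 standard permit 10.0.162.0 255.255.255.0
!
! vpn-filter lists (extended ACLs): enforced on the ASA against decrypted client
! traffic, so a client that alters its own routing table still cannot reach other
! VLANs. ACEs are written client pool -> internal network (assumed orientation;
! check the vpn-filter command reference for your release). Implicit deny ends each.
access-list VPNF-VLAN200 extended permit ip 192.168.250.0 255.255.255.0 10.0.200.0 255.255.255.0
access-list VPNF-VLAN150-162 extended permit ip 192.168.250.0 255.255.255.0 10.0.150.0 255.255.255.0
access-list VPNF-VLAN150-162 extended permit ip 192.168.250.0 255.255.255.0 10.0.162.0 255.255.255.0
!
! One group policy per profile
! (ASDM: Configuration > Remote Access VPN > Network (Client) Access > Group Policies).
group-policy GP-PROFILE1 internal
group-policy GP-PROFILE1 attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ALL
group-policy GP-PROFILE2 internal
group-policy GP-PROFILE2 attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-VLAN200
 vpn-filter value VPNF-VLAN200
group-policy GP-PROFILE3 internal
group-policy GP-PROFILE3 attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-VLAN150-162
 vpn-filter value VPNF-VLAN150-162
!
! One connection profile (tunnel-group) per profile; the alias is the entry the
! user selects in the AnyConnect group list. Repeat for PROFILE1 and PROFILE3.
tunnel-group PROFILE2 type remote-access
tunnel-group PROFILE2 general-attributes
 address-pool VPN-POOL
 default-group-policy GP-PROFILE2
tunnel-group PROFILE2 webvpn-attributes
 group-alias Profile2 enable
webvpn
 tunnel-group-list enable
```

Profile 1 gets no vpn-filter because it is allowed everything, which matches the answer's last paragraph; the two restricted profiles get both the split-tunnel list and the filter, since split tunneling alone only shapes what the client routes and is not enforcement.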

3 Replies

balaji.bandi
Hall of Fame

Hi balaji.bandi,

Can you please be more precise about what to do?

Or what section in this document could help me?

regards,
