03-18-2014 09:08 AM
I am hosting two different customer enviroments behind an ASA. I have two seperate connection profiles and two seperate usernames that are local to the ASA. How can I configure a username to only be able to connecto to one of the connection profiles?
Thanks,
Chris
03-18-2014 09:21 AM
username user-customer attributes
group-lock value tunnel-group-name
03-18-2014 09:34 AM
In ASDM go to configuration > Remote Access VPN > AAA/Local Users > Local Users and select the uuser you want to modify. Choose Edit and in the window that appears, deselect the "Connection Profile (Tunnel Group) Lock" Inherit checkbox. (The default behavior is to inherit "unlocked" from the DefaultRA or WebVPN Profile for client-based (AnyConnect) and clientless SSL VPN respectively.). Then choose the profile you want to the user to be required to use. Click OK when finished, Apply and Save.
(edit - or like Chris posted for the cli mode equivalent)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide