
Deny Anyconnect Client Access for a group which is using AAA auth.

peter.ferl
Level 1

Hello,

following situation:

ASA 5520 running 8.0(4)28.

Serving multiple VPN groups using either Anyconnect or VPN-Client.

One of the customers using group XXX does not want his group to be able to be established using AnyConnect.

User auth is done by an external AAA.

Config of group-p:

group-policy XXX attributes

...

vpn-tunnel-protocol IPSec

...

Any ideas?

Thx,

Peter

1 Reply 1

Ivan Martinon
Level 7

Hi Peter,

The vpn tunnel protocol will help you with this as long as the users do not change groups to connect. If what you need is also to control users within this group, you need to use tunnel group lock, which will deny users from getting connected if they do not connect to the correct tunnel group.

See step 11 on the following link:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpngrp.html#wp1093578

You will need to pass the class attribute from your Auth server.
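
An added configuration sketch of the group lock described in the reply above (not from the original thread or from the linked guide). It assumes the external AAA server is RADIUS; `XXX` is the group from the question, while `XXX-TG` and `AAA-SRV` are placeholder names.

```cisco
! Constructed example. XXX-TG and AAA-SRV are placeholder names.
!
! Group policy for the customer: IPSec only, and locked to one tunnel group.
group-policy XXX internal
group-policy XXX attributes
 vpn-tunnel-protocol IPSec
 group-lock value XXX-TG
!
! The only tunnel group that users of policy XXX may connect through.
tunnel-group XXX-TG type remote-access
tunnel-group XXX-TG general-attributes
 authentication-server-group AAA-SRV
 default-group-policy XXX
!
! On the RADIUS server (not ASA syntax), return IETF attribute 25 (Class)
! for the customer's users so the ASA assigns them group policy XXX:
!   Class = "OU=XXX;"
```

With the Class attribute assigning policy `XXX` at authentication, a user who picks a different tunnel group, including one that permits AnyConnect, is rejected by the group lock. `show vpn-sessiondb` can be used to confirm which tunnel group and group policy an established session received.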