cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1426
Views
0
Helpful
1
Replies

How to lock local ASA user to AnyConnect VPN connection profile?

Charles Rayer
Level 1
Level 1

Hi All,

I'm setting up VPNs for third party businesses that our business uses, and want to lock them to only being able to reach their devices.

I can do this using an ACL in a group policy on our ASA 5510s

We use AnyConnect VPN, with primary authentication by our AD and secondary by local ASA users.

Group policy is tied to connection profiles. However I don't seem to be able to lock a local ASA user to a connection profile. So there's nothing to stop them using a different connection profile and having more access than they should have.

How can I lock an ASA local user to a connection profile? And why isn't this a simple Cisco feature?

1 Reply 1

Charles Rayer
Level 1
Level 1

Hey, just cracked it by using Dynamic Access Policies linking to Username2 and applying the ACL.