Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1548
Views
5
Helpful
3
Replies

Multiple VPN profiles for different users

Go to solution
mrochac
Level 1
Level 1

‎05-29-2020 10:24 AM - edited ‎06-02-2020 07:33 AM

Good day, is it possible to create different profile for different type of OS users to connect to ASA VPN? we have a bunch of WFH users and some have W7 (ya i know right..) and W10 - we would like to have both connecting to the same VPN but due to some security measures we have in place with W7 and O365 our split tunnel will not allow W7 to access MS related products. I was thinking on setting up 2 profiles, with with and one without split tunneling - any info is greatly appreciated.

 

MR.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to mrochac

‎06-03-2020 07:09 AM

Hi,
Sorry, no that wasn't what I meant, I was just providing the different options depending on the method you maybe using.

If you are using RADIUS, group the users with different OS's into separate AD groups, then authorise those users and assign them to a different ASA group-policy, which can be applied via the RADIUS server.

HTH

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎06-02-2020 08:04 AM

Hi,

How do you authenticate your users? LDAP or RADIUS?

 

If using RADIUS server such as ISE, you could profile the computers and authorise the users to a different ASA group-policies (which defines the split tunnel configuration) depending on whether the computer was Windows 7 or Windows 10.

 

Alternatively if using LDAP or RADIUS, you can assign the different users to different AD groups and apply a group-policy depending on their group membership.

 

HTH

Go to solution
mrochac
Level 1
Level 1
In response to Rob Ingram

‎06-03-2020 06:52 AM

thanks for the info Rob - we dont have ISE, we authenticate users directly to RADIUS - so what your saying if i understood correctly is that we need 2 methods of authentication for 2 separae profiles?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to mrochac

‎06-03-2020 07:09 AM

Hi,
Sorry, no that wasn't what I meant, I was just providing the different options depending on the method you maybe using.

If you are using RADIUS, group the users with different OS's into separate AD groups, then authorise those users and assign them to a different ASA group-policy, which can be applied via the RADIUS server.

HTH
0 Helpful
Customers Also Viewed These Support Documents