Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1425
Views
5
Helpful
1
Replies

Remote Access VPN User Permission

Go to solution
John Apricena
Level 1
Level 1

‎11-12-2015 01:32 PM - edited ‎02-21-2020 08:33 PM

Hi Support,

Is there a way for a remote access VPN to allow certain users access to "Host A,B,C" and other users to access Host D,E,F? Basically we want to have certain users have access from home to a few server and other users only have access to other certain servers. Is this possible without a TACACS or some other appliance? Thanks guys!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎11-12-2015 05:49 PM

Hi John,

Yes, you can configure split tunnelling to allow a specific group of users to access specific host.
How this is achieved is you create a different connection profile  for different users, associate a group-policy with it and under each group-policy , you have a split tunnelling access-list defined with entries of different hosts.

You need to create 2 connection profiles here and map them with 2 group-policy allowing access to 2 differernt resources (they can be multiple as well)

Here is a reference document :-

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

1 Reply 1

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎11-12-2015 05:49 PM

Hi John,

Yes, you can configure split tunnelling to allow a specific group of users to access specific host.
How this is achieved is you create a different connection profile  for different users, associate a group-policy with it and under each group-policy , you have a split tunnelling access-list defined with entries of different hosts.

You need to create 2 connection profiles here and map them with 2 group-policy allowing access to 2 differernt resources (they can be multiple as well)

Here is a reference document :-

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
Customers Also Viewed These Support Documents