Remote Access VPN User Permission

John Apricena
Level 1

Hi Support,

Is there a way for a remote access VPN to allow certain users access to "Host A, B, C" and other users to access Host D, E, F? Basically we want to have certain users have access from home to a few servers and other users only have access to certain other servers. Is this possible without a TACACS or some other appliance? Thanks guys!

1 Accepted Solution


Dinesh Moudgil
Cisco Employee

Hi John,

Yes, you can configure split tunnelling to allow a specific group of users to access specific hosts.
The way this is achieved is that you create a different connection profile for different users, associate a group-policy with it, and under each group-policy you have a split tunnelling access-list defined with entries for different hosts.

You need to create 2 connection profiles here and map them to 2 group-policies allowing access to 2 different resources (there can be multiple as well).

Here is a reference document:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
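
The layout described in the answer above, written out as an ASA configuration. This is an added example, not part of the original post or of the linked Cisco document; every name, address, the client pool and the local users `alice` and `bob` are constructed assumptions. The `vpn-filter` and `username ... attributes` lines go beyond what the answer lists: a split-tunnel list only tells the client which destinations to route into the tunnel, while `vpn-filter` makes the ASA itself drop anything else, and pinning each local user to a group-policy stops a user from getting the other policy by picking the other profile.

```cisco
! Constructed names and addresses. Assumes AnyConnect is already enabled,
! clients get addresses from an existing pool in 10.99.0.0/24, and the
! local users alice and bob already exist.

! Split-tunnel lists: destinations the client routes into the tunnel
access-list SPLIT_ABC standard permit host 10.10.10.11
access-list SPLIT_ABC standard permit host 10.10.10.12
access-list SPLIT_ABC standard permit host 10.10.10.13
access-list SPLIT_DEF standard permit host 10.10.10.21
access-list SPLIT_DEF standard permit host 10.10.10.22
access-list SPLIT_DEF standard permit host 10.10.10.23

! Filter lists (addition): source is the client pool, destination the host
access-list FILTER_ABC extended permit ip 10.99.0.0 255.255.255.0 host 10.10.10.11
access-list FILTER_ABC extended permit ip 10.99.0.0 255.255.255.0 host 10.10.10.12
access-list FILTER_ABC extended permit ip 10.99.0.0 255.255.255.0 host 10.10.10.13
access-list FILTER_DEF extended permit ip 10.99.0.0 255.255.255.0 host 10.10.10.21
access-list FILTER_DEF extended permit ip 10.99.0.0 255.255.255.0 host 10.10.10.22
access-list FILTER_DEF extended permit ip 10.99.0.0 255.255.255.0 host 10.10.10.23

! One group-policy per set of hosts
group-policy GP_ABC internal
group-policy GP_ABC attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ABC
 vpn-filter value FILTER_ABC
group-policy GP_DEF internal
group-policy GP_DEF attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_DEF
 vpn-filter value FILTER_DEF

! One connection profile (tunnel-group) per group-policy
tunnel-group TG_ABC type remote-access
tunnel-group TG_ABC general-attributes
 default-group-policy GP_ABC
tunnel-group TG_DEF type remote-access
tunnel-group TG_DEF general-attributes
 default-group-policy GP_DEF

! Addition: pin each local user to a policy regardless of profile chosen
username alice attributes
 vpn-group-policy GP_ABC
username bob attributes
 vpn-group-policy GP_DEF
```

After a test login, `show vpn-sessiondb detail anyconnect` shows which group-policy and filter each session actually received.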
