Restricting VPN access through Azure AD groups

diego.frausto
Level 1

All,

 

Is it possible to restrict access to Site-to-Site VPN tunnels with Azure AD groups? We have 3 Site-to-Site VPN tunnels in our environment and we would like to restrict access through the use of Azure AD groups. We are using Azure MFA for login authorization, but we would also like to use Azure Groups to restrict access to Site-to-Site VPN tunnels. I know that we have to create different ACLs, but how would we associate the Azure AD group to the proper ACL?

 

Thank you,

 

Diego 

 

3 Replies

balaji.bandi
Hall of Fame

Is this a site-to-site VPN or a remote access VPN?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

We want to control remote access VPN to the Site-to-Site VPN tunnels.  

 

If we have an AnyConnect client log in and establish a remote VPN connection, we do not want to give this user access to all three Site-to-Site VPN connections. We want to restrict it so that he or she only gets access to the Site-to-Site VPN tunnels that they have rights to through Azure AD groups.

 

Do you have a different remote access VPN for each location?

 

With profiles you can restrict, right? Depending on the pool you are allocating, you can have ACL policies not to access other resources (other site-to-site VPNs), and make a different group if you have different VPNs.

BB
