Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
0
Helpful
1
Replies

Split tunnel in specific groups

kostasthedelegate
Level 4
Level 4

‎04-15-2020 04:12 AM

Hello, 

 

I have an ASA system and I use RA VPN with AnyConnect. 

There are several AD groups that connect. 

Is it possible in some groups to enable split tunnel, while in others no?

 

Thanks in advance, 

Konstantinos

 

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎04-15-2020 04:24 AM

Hi,

If you authenticate and authorise the users against LDAP or RADIUS, depending on which AD group the user is a member of, you would assign them to a specific ASA group-policy. The group-policies could be configured differently with or without split-tunneling configured.

 

Example of LDAP configuration

 

Examples of RADIUS configuration:-

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/117641-config-asa-00.html

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98634-asa-ldap-group-pol.html

 

HTH

0 Helpful
Customers Also Viewed These Support Documents