cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
536
Views
0
Helpful
2
Replies

truly dynamic VPN, is it possible ?

jraatikainen
Level 1
Level 1

Consider situation, where you have "central" ASA hosting multiple l2l IPSec tunnels.

Outside Users uses Anyconnect to connect ASA and are granted routing profile they choose.

Is there *any way* to use single AnyConnect group, which would dynamically set needed VPN access list based example ldap group info.

Small example :

l2l tunnel A has tunnel-specific and uses Anyconnect group A, only users on ldap goup XYA are allowed

l2l tunnel B has tunnel-specific and uses Anyconnect group B, only users on ldap goup XYB are allowed

if end user has right to connect group A and B (belongs to groups XYA and XYB) , can this be dynamically managed ?

Real world case holds hundreds of split-tunnels, this is just simple example and question, if this is possible or not ?

-jra

1 Accepted Solution

Accepted Solutions

Herbert Baerten
Cisco Employee
Cisco Employee

Hi Jari

I'm not entirely sure I understand correctly what you want to achieve but I think you should be able to do so using a single group, and a set of DAP rules.

I.e. one rule that says "if user is member of XYA then apply acl A", another rule "if user is member of XYB then apply acl B" etc.

see

hth

Herbert

View solution in original post

2 Replies 2

Herbert Baerten
Cisco Employee
Cisco Employee

Hi Jari

I'm not entirely sure I understand correctly what you want to achieve but I think you should be able to do so using a single group, and a set of DAP rules.

I.e. one rule that says "if user is member of XYA then apply acl A", another rule "if user is member of XYB then apply acl B" etc.

see

hth

Herbert

This works quite smooth.

My problems was to understand the fact, taht I must route all available networks to tunnel and then DAP makes ACL, where one can go.

I assume this is simple thing on force tunnel, but as I prefer split-tunnel, this was pain for me to understand.

Anyway, all good, everythings works likes a charm, case closed.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: