Clientless SSL/AnyConnect VPN Documentation

Unanswered Question
Nov 14th, 2008

I recently set up the Clientless SSL and AnyConnect VPN. I currently have a pretty basic setup: if you're a member of the AnyConnect AD group, you get the AnyConnect Client; if you're not, you get the Clientless portal (all using the Dynamic Access Policies with LDAP.memberOf lookups). I also have some links on the portal page based on other groups you might be a part of in AD. Nothing too exciting.

Now there are a few other things I am trying to configure; for example, in the DAP, it looks like you can limit what networks someone has access to. So if someone is part of RemoteOffice1, I don't want them to be able to connect to anything in RemoteOffice2 (and the same in the other direction), but if you're part of CentralOffice you should be able to get to both. I tried setting this up and just couldn't get it to work.

What I am looking for is some better documentation than what I can find on the site or on Ciscopress/Safari (very possible I just haven't found the right book or the right document). The stuff that's out there doesn't do a very good job of explaining Connection Profiles (like how it picks which one you will end up using), the ACL Manager (and Network ACL Filters) and a couple of other little things.


Matt Karsten

JORGE RODRIGUEZ Sat, 11/15/2008 - 21:24

Hi Matt,

I understand exactly what you are trying to do. I have a couple of SSL VPN tunnels, but unlike you I do not need the type of filtering you require between SSL tunnel groups. I do, however, have basic RA VPN for our regular VPN clients and use per-user VPN filters for some users.

You may try this link. Even though it refers to VPN filters in general, such as L2L and RA VPN, I am quite confident you can use the VPN filter principle and apply it to your SSL tunnel group policies.



matt.karsten Tue, 11/18/2008 - 08:14

I'm a little slow replying to these sometimes...

This link didn't quite get me where I needed to be. Through a different issue I was working on with TAC, they pointed me at this document; it seems to do a good job of explaining Dynamic Access Policies, connection profiles, VPN ACLs and when/why things get applied the way they do.

