Anyconnect Radius Question

Unanswered Question
Apr 15th, 2009

I have a ASA 5510 and I'm currently using it to serve my VPN client (ipsec) users. I want to be able to also use it for the AnyConnect client but limit who can use the client to connect. I'm authenticating my users using a Windows IAS server and I push down ACLs via the AV Pair attribute. Is there a way via radius or on the ASA to specify which users are allowed to use the AnyConnect client? I need to limit access to this. I wasn't able to find anything in the documentation but I may be missing something.

Thanks for the assistance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Fri, 04/17/2009 - 07:17

You can use the IETF Class value (att 25) to pass along a string to the asa, using this string, you can have the ASA to place the user on a specific group-policy that matches that string and in the group-policy you can have the tunnel-protocol svc or webvpn enabled or not. When the user that should not be connecting via anyconect receives the string and the asa places the user on the group-policy that does not have that tunnel protocol enabled, the connection will never happen.


This Discussion