I'm trying to restrict traffic of an AnyConnect (Client Based SSL VPN) WebVPN user. I am using a "Webtype" access-list to define the permitted HTTP and CIFS URLs. Then I am applying the access-list in the user attributes webvpn mode using the "filter value acl" command. Unfortunately, the user still has access to all of the resources that all of the other WebVPN users have.
I don't want to set up a separate group policy for just one user, and I'm not really confident that this filtering will work in the group policy if it doesn't work at the user level, as the configuration seems exactly the same. User attributes are supposed to override group policy attributes anyway. Am I missing something here?
When I looked up the WebVPN filtering before trying this configuration, I found that the "vpn-filter" command that is used on IPsec VPNs to do this same thing is not supposed to work at all on SSL VPNs and that this was the method that I had to use. I'm kinda stuck here, as I have checked out several different config guides and references on Cisco and none of them mention any other config steps than those below. I am pretty well versed in IPsec site-to-sites and RAS VPNs but am pretty new to the SSL VPN technology. I'm starting to wonder if the WebVPN filtering is only good on the "clientless" SSL VPN, but most of the documentation treats the clientless the same as AnyConnect.
Any help from those that have done this or something similar before would be appreciated. I have gotten past the stage where advice from laymen would be interesting though.
ASA 5520, Ver 8.0(2)
access-list johndoe_webvpn_filter webtype permit url http://server1/*
access-list johndoe_webvpn_filter webtype permit url http://server2/*
access-list johndoe_webvpn_filter webtype permit url http://server3/*
access-list johndoe_webvpn_filter webtype permit url cifs://server4/*
access-list johndoe_webvpn_filter webtype permit url cifs://server5/*
access-list johndoe_webvpn_filter webtype permit url http://server6/*
username johndoe attributes
filter value johndoe_webvpn_filter