06-30-2010 08:02 AM - edited 03-11-2019 11:05 AM
I have run into two problems with my VPN that I have not been able to figure out:
1. If a user has permission to access the AnyConnect VPN and they go to access the RDP SSL VPN, then it automatically downloads and installs the AnyConnect client. Is it possible to disable the auto download and install of the AnyConnect client?
2. If a user belongs to the AD groups for both the AnyConnect VPN and the RDP VPN, then that user can only access the RDP VPN. Is there a way to allow a user that is a member of both groups to access both VPN types (not simultaneously of course)? Or would it be better if I create a new AD group that allows both connections?
Currently I have 4 ways to connect into the VPN:
An SSL Tunnel to my EDI RDP server (For contractors)
An SSL Tunnel to my RDP server
An SSL Tunnel to my webmail
And using the AnyConnect application
The biggest problem is finding a way to disable the automatic download and install of the AnyConnect client.
Here is my config that I am using:
ldap attribute-map VPNAccessMap
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=EDI Access Grp,OU=VPN OU,OU=Groups,DC=test,DC=corp" EDIAccessPlc
 map-value memberOf "CN=OWA Access Grp,OU=VPN OU,OU=Groups,DC=test,DC=corp" OWAAccessPlc
 map-value memberOf "CN=TS Access Grp,OU=VPN OU,OU=Groups,DC=test,DC=corp" TSAccessPlc
 map-value memberOf "CN=VPN Access Grp,OU=VPN OU,OU=Groups,DC=test,DC=corp" AnyConnectAccessPlc
dynamic-access-policy-record SSLDenyPlc
 user-message "Access Denied"
 action terminate
 webvpn
  file-browsing disable
  file-entry disable
  http-proxy disable
  url-entry disable
dynamic-access-policy-record DfltAccessPolicy
aaa-server LDAP_SRV_GRP protocol ldap
aaa-server LDAP_SRV_GRP (IntNet) host DomainController
 server-port 636
 ldap-base-dn DC=test,DC=corp
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn CN=TestDude,OU=Users OU,DC=test,DC=corp
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map VPNAccessMap
webvpn
 enable IntNet
 enable ExtNet
 svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
 svc enable
group-policy EDIAccessPlc internal
group-policy EDIAccessPlc attributes
 vpn-tunnel-protocol webvpn
 webvpn
  homepage value rdp://10.1.2.40/?geometry=1024x768
group-policy TSAccessPlc internal
group-policy TSAccessPlc attributes
 banner value Terminal Server Access Policy
 vpn-tunnel-protocol svc webvpn
 webvpn
  homepage value rdp://10.1.2.70/?geometry=1024x768
group-policy OWAAccessPlc internal
group-policy OWAAccessPlc attributes
 banner value Outlook Web Access Policy
 vpn-idle-timeout 20
 vpn-tunnel-protocol webvpn
 webvpn
  url-list value OWA
  hidden-shares none
  file-entry disable
  file-browsing disable
  url-entry disable
group-policy AnyConnectAccessPlc internal
group-policy AnyConnectAccessPlc attributes
 dns-server value 10.1.2.3 10.1.2.80
 vpn-tunnel-protocol svc
 address-pools value SSLDHCP
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group LDAP_SRV_GRP
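An added example, not part of the original post: a Python check that joins the `ldap attribute-map` entries in the config above to their group-policies and lists which AD groups land on a policy whose `vpn-tunnel-protocol` permits `svc`. The function names are hypothetical, the sample is a trimmed copy of the posted config, and a policy with no explicit `vpn-tunnel-protocol` line is reported as inherited.

```python
import re

# Constructed sample: attribute-map and group-policy lines trimmed from the posted config.
SAMPLE_CONFIG = """\
ldap attribute-map VPNAccessMap
 map-value memberOf "CN=EDI Access Grp,OU=VPN OU,OU=Groups,DC=test,DC=corp" EDIAccessPlc
 map-value memberOf "CN=OWA Access Grp,OU=VPN OU,OU=Groups,DC=test,DC=corp" OWAAccessPlc
 map-value memberOf "CN=TS Access Grp,OU=VPN OU,OU=Groups,DC=test,DC=corp" TSAccessPlc
 map-value memberOf "CN=VPN Access Grp,OU=VPN OU,OU=Groups,DC=test,DC=corp" AnyConnectAccessPlc
group-policy EDIAccessPlc attributes
 vpn-tunnel-protocol webvpn
group-policy TSAccessPlc attributes
 vpn-tunnel-protocol svc webvpn
group-policy OWAAccessPlc attributes
 vpn-tunnel-protocol webvpn
group-policy AnyConnectAccessPlc attributes
 vpn-tunnel-protocol svc
"""

MAP_RE = re.compile(r'map-value\s+memberOf\s+"([^"]+)"\s+(\S+)')
POLICY_RE = re.compile(r'group-policy\s+(\S+)\s+attributes')
PROTO_RE = re.compile(r'vpn-tunnel-protocol\s+(.+)')
# Commands that open another configuration mode and so end a group-policy section.
OTHER_MODES = ("group-policy ", "tunnel-group ", "aaa-server ",
               "ldap attribute-map ", "dynamic-access-policy-record ")

def audit(config):
    """Return {AD group CN: (group-policy, sorted protocols or ['(inherited)'])}."""
    mapping, protocols, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()  # accepts indented or flattened config text
        if (m := MAP_RE.fullmatch(line)):
            cn = m.group(1).split(",")[0].split("=", 1)[1]
            mapping[cn] = m.group(2)
        elif (m := POLICY_RE.fullmatch(line)):
            current = m.group(1)
        elif line.startswith(OTHER_MODES):
            current = None
        elif (m := PROTO_RE.fullmatch(line)) and current:
            protocols[current] = sorted(m.group(1).split())
    return {cn: (pol, protocols.get(pol, ["(inherited)"])) for cn, pol in mapping.items()}

def client_capable(config):
    """AD groups whose mapped policy permits the svc (AnyConnect client) protocol."""
    return sorted(cn for cn, (_, protos) in audit(config).items() if "svc" in protos)

if __name__ == "__main__":
    for cn, (policy, protos) in audit(SAMPLE_CONFIG).items():
        print(f"{cn:16} -> {policy:20} {' '.join(protos)}")
```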
07-05-2010 01:49 PM