Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Anyconnect VPN client - Users

Is there a way to have specific user ID's access defined servers via the Anyconnect client version 2.5.0217 to an ASA5510? The idea is to limit outside contractors to only the resources they need. This was possible with the IPSEC client with different profiles but so far I don't see how to do this with this new client. Any help would be greatly appreciated.

TJ

3 REPLIES
Cisco Employee

Re: Anyconnect VPN client - Users

TJ,

Which mechanism did you rely on for IPsec?

Downloadable ACLs and split tunneling based on attributes should still be an option ...

Also cut through proxy should work.

Marcin

edit: Added mention about CTP.

New Member

Re: Anyconnect VPN client - Users

When using IPSEC we had multiple profiles defined for special purpose users and needs. The profile included a network list that defined what servers that those users had access to. The IPSEC client has the capability to enter a group and password. The group defined at the client would then translate to the profile at the ASA. I hope this helped.

TJ

Cisco Employee

Re: Anyconnect VPN client - Users

Thomas,

Depending on your config, anyconnect users also land on group-policy and tunnel-group.

You can check out which one are those by doing "show vpn-sessiondb det svc"

Please note that by default those might be DefaultRAgroup and default group policy.

Once you know which group policy you're using you can for exampl do vpn-filter (that does not apply to clientless):

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1630190

Again too many possibilities to be taken into account, I would suggest looking into downloadble ACLs as a possible solution or running VPN clients against CTP ;-)

Marcin

610
Views
0
Helpful
3
Replies