Cisco Support Community

Anyconnect vpn on Cisco Router | multiple group policy

Hi,

I configured SSL VPN on a 3825 router; below is my configuration. I configured multiple group policies, but when I connect with the Cisco AnyConnect client application I can't see a group option, only the username and password options (see attachment).

webvpn gateway gateway_1
 ip address 88.100.155.161 port 443
 http-redirect port 80
 ssl trustpoint TP-self-signed-67891034556
 inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-2.3.2016-k9.pkg sequence 1
!
webvpn context VPN-1
 secondary-color white
 title-color #CCCC66
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
   functions svc-enabled
   svc address-pool "pool1" netmask 255.255.255.255
   svc keep-client-installed
   svc split include 172.16.1.0 255.255.255.0
 !
 policy group policy_2
   functions svc-enabled
   mask-urls
   svc address-pool "pool2" netmask 255.255.255.255
   svc keep-client-installed
   svc rekey method new-tunnel
   svc split include 172.16.2.0 255.255.255.0
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_1
 gateway gateway_1
 inservice
!

4 REPLIES

Anyconnect vpn on Cisco Router | multiple group policy

Hello,

After doing some research I found this:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/904-cisco-router-anyconnect-webvpn.html

Administrators and engineers who have worked with the classic Cisco IPSec VPN client will wonder how they can support multiple groups with different access rights using AnyConnect.  The fact is that AnyConnect does support multiple groups, however it requires a radius server at the backend.

AnyConnect on a Cisco router without a radius server will only allow support for one group policy.

The RADIUS server is needed so that it provides the right attribute (in this case, the one that determines which group a user belongs to).

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Anyconnect vpn on Cisco Router | multiple group policy

Hi,

I am using Cisco ACS v 4.2. Can you help me set this up with ACS?

Regards,

Anyconnect vpn on Cisco Router | multiple group policy

Hello Mohamme,

I could help you with this, but unfortunately I do not have an ACS with me that I could use to try to make this happen.

At least you know where the problem is and what the solution is.

Basically:

Configure your ACS RADIUS daemon so that it provides the correct webvpn group policy to each of the users being authenticated.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
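
The RADIUS-based setup the replies above describe, as an added sketch that is not part of the thread and was not tested on the poster's router. It reuses the thread's `ciscocp_vpn_xauth_ml_1` list and `policy_1`/`policy_2` groups; the server address 192.0.2.10, the shared-secret placeholder, and the choice to return the group through a `cisco-av-pair` carrying the IOS SSL VPN attribute `webvpn:user-vpn-group` are assumptions.

```cisco
! Added example: constructed values, adjust to your environment.
aaa new-model
!
! Hypothetical ACS 4.2 server address and placeholder shared secret.
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <shared-secret>
!
! Point the authentication list that context VPN-1 already references
! at the RADIUS server, so the Access-Accept can carry the group attribute.
aaa authentication login ciscocp_vpn_xauth_ml_1 group radius
!
webvpn context VPN-1
 aaa authentication list ciscocp_vpn_xauth_ml_1
 ! Applied to users for whom RADIUS returns no policy group.
 default-group-policy policy_1
!
! On the ACS side (assumption: per-user or per-group RADIUS attributes,
! "Cisco IOS/PIX 6.x" [009\001] cisco-av-pair), return the name of the
! policy group for users who should not receive the default:
!
!   webvpn:user-vpn-group=policy_2
!
! The value must match a "policy group" name defined under the context.
```
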

Anyconnect vpn on Cisco Router | multiple group policy

Thanks, I will check it and update you.
