Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA-VPN: How do you restrict the remote access network - who can establish VPN and who not?

Hello,

in our VPN configuration (ASA5520, Anyconnect VPN Client), we have different VPN User Groups. These Group Policies are retrieved from an LDAP Server.

We'd like to restrict the acess like this:

A Group "Home User" might establish a VPN from anywhere on the Internet

A Group "restricted 3rd party" should only be allowed to establish a VPN from their specific public Source IP Address on the Internet (the public IP Address of this 3rd party Company). When these Users try to connect from any other IP Address on the Internet(Home, hotel, etc), VPN Access should not work!

On our old solution, we were able to limit the remote access network, per user group,  to some source IP's.

How can you do that in ASA?

The IP Filters related to group policies in here seem only to be filters concerning the VPN Address (after the VPN is established: where can this user group connect to). But I did not find filters/access lists, where yoiu can define/restrict public access networks for some groups.

Or is it possible to do that by Dynamic Access Policies? How?

Thanks,

2 REPLIES
New Member

ASA-VPN: How do you restrict the remote access network - who can

Hello - Did you find a resolution to this issue?

Thanks,

Dean

New Member

Look for how to disable

Look for how to disable "sysopt connection permit-vpn".

603
Views
0
Helpful
2
Replies