12-16-2013 01:55 PM
Dear Community
I have AnyConnect Client configured on a Cisco ASA.
And I am trying to assign a connection profile based on the *client's public source IP*.
To quote an example:
Users connecting out of the public network segment A.B.C.D/255.255.255.0 should receive connection profile A.
All other users should receive connection profile B.
Is anyone able to provide an approach to solve this problem?
Any help would be really appreciated.
Best regards
Chris
12-16-2013 03:18 PM
I don't believe there is a way to do that. You should be setting filters by user not by source IP. Why do you want to do it by source IP?
12-16-2013 10:18 PM
Thanks for your reply.
Because of regulations.
People within the home country are allowed to have full access.
While (even the same) people are abroad, only limited access is granted.
12-16-2013 11:36 PM
You can achieve that with the help of an external RADIUS-server. The client IP is sent to the server in the RADIUS-attribute 31, "Calling-Station-Id". The RADIUS-server needs the flexibility to act on the request with a script in which you could change the IP to a network based on your mask (and probably GeoIP-information).
This should all be possible with FreeRADIUS.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
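
The decision logic described in the reply above, as an added example that is not part of the original post or of FreeRADIUS: it maps the Calling-Station-Id value to a policy name and falls back to the limited policy whenever the attribute is missing or is not an IP address. The network 203.0.113.0/255.255.255.0, the names `PROFILE_A` and `PROFILE_B`, and returning the policy as `Class = "OU=<name>;"` are assumptions; the hook that calls this from the RADIUS server is not shown.

```python
import ipaddress

# Constructed placeholder for the thread's "A.B.C.D/255.255.255.0" segment
# (203.0.113.0/24 is a documentation range, not a real site).
FULL_ACCESS_NETS = [ipaddress.ip_network("203.0.113.0/255.255.255.0")]

# Hypothetical policy names; use the names configured on the ASA.
POLICY_FULL = "PROFILE_A"
POLICY_LIMITED = "PROFILE_B"


def parse_calling_station_id(value):
    """Return an ip_address for attribute 31, or None if it is not an IP."""
    if not value:
        return None
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        return None  # e.g. a MAC address or free text
    # Treat ::ffff:a.b.c.d as the IPv4 address it carries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def select_policy(calling_station_id):
    """Full access only for a parsable IP inside a listed network."""
    addr = parse_calling_station_id(calling_station_id)
    if addr is None:
        return POLICY_LIMITED  # fail closed to the restricted policy
    for net in FULL_ACCESS_NETS:
        if addr.version == net.version and addr in net:
            return POLICY_FULL
    return POLICY_LIMITED


def reply_attributes(calling_station_id):
    """Reply attributes for Access-Accept (assumed Class/OU convention)."""
    return {"Class": "OU=%s;" % select_policy(calling_station_id)}


if __name__ == "__main__":
    # Constructed sample values for Calling-Station-Id.
    for sample in ["203.0.113.57", "198.51.100.9", "", "00-11-22-33-44-55"]:
        print(repr(sample), "->", reply_attributes(sample))
```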