
Cisco ASA Remote Access VPN - Group URL

arrayservices
Level 1

Hello everyone-

I'm hoping someone can give me some assistance on a task I'm trying to accomplish with remote access VPN on an ASA5510. I am looking to configure remote VPN for 2 of our business partners. Each partner will need access to varying locations on our internal LAN. I have created the config necessary for each partner to connect and have tested successfully. I have created separate connection profiles, both passing authentication to a RADIUS server of ours. I have placed each on their own subnet and created firewall rules restricting each network down to only the servers they should have access to. I have also used group URLs as part of the AnyConnect connection profiles and specified "remote.mycompany.com/partner1" and "remote.mycompany.com/partner2". The one piece I can't seem to get my mind around is what is preventing someone who works for Partner1 from entering "remote.mycompany.com/partner2" in their AnyConnect client and connecting with that profile? I have tested this and am able to do this. Would this be a function that RADIUS would have to provide? Create separate groups for each partner? Also, would the ASA support this feature?

Any help would be greatly appreciated.

Brian

1 Reply

Marcin Latosiewicz
Cisco Employee

Brian,

Have a look at group-lock command and feature.

It should be what you're looking for.

M.
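
How group-lock can tie each partner's users to their own connection profile, as an added example that is not from either poster: the profile, policy and server-group names (PARTNER1, PARTNER1-GP, RADIUS-SRV and their PARTNER2 counterparts) are assumptions, and it assumes the RADIUS server returns IETF attribute 25 (Class) as `OU=PARTNER1-GP;` or `OU=PARTNER2-GP;` for each user so the ASA assigns the group policy per user rather than per URL.

```cisco
! Per-partner group policies. group-lock names the only connection
! profile (tunnel-group) a user holding this policy may connect through.
group-policy PARTNER1-GP internal
group-policy PARTNER1-GP attributes
 group-lock value PARTNER1
!
group-policy PARTNER2-GP internal
group-policy PARTNER2-GP attributes
 group-lock value PARTNER2
!
! Connection profiles, each reached through its own group URL.
! RADIUS-SRV is an assumed name for the existing aaa-server group.
tunnel-group PARTNER1 type remote-access
tunnel-group PARTNER1 general-attributes
 authentication-server-group RADIUS-SRV
 default-group-policy PARTNER1-GP
tunnel-group PARTNER1 webvpn-attributes
 group-url https://remote.mycompany.com/partner1 enable
!
tunnel-group PARTNER2 type remote-access
tunnel-group PARTNER2 general-attributes
 authentication-server-group RADIUS-SRV
 default-group-policy PARTNER2-GP
tunnel-group PARTNER2 webvpn-attributes
 group-url https://remote.mycompany.com/partner2 enable
!
! Result: a Partner1 user who authenticates through /partner2 receives
! PARTNER1-GP from RADIUS (Class = OU=PARTNER1-GP;). That policy is
! locked to tunnel-group PARTNER1, which does not match the profile in
! use, so the ASA rejects the session.
```

A user for whom RADIUS returns no Class attribute inherits the default group policy of whichever profile they connected through, so the lock only holds when every partner account carries the attribute.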