Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Cisco ASA Remote Access VPN- Group URL

Hello everyone-

I'm hoping someone can give me some assistance on a task I'm trying to accomplish with remote access VPN on an ASA5510. I am looking to configure remote VPN for 2 of our business partners. Each partner will need access to varying locations on our internal LAN. I have created the config necessary for each partner to connect and have tested successfully. I have created separate connection profiles, both passing authentication to a radius server of our. I have placed each on their own subnet and created firewall rules restricting each nework down to only the servers they should have access to. I have also used group URL's as part of the AnyConnect connection profiles and specified "remote.mycompany.com/partner1" and "remote.mycompany.com/partner2". The one piece I can't seem to get my mind around is what is preventing someone who works for Partner1 to enter in "remote.mycompany.com/partner2" in their Anyconnect client and connect with that profile? I have tested this and am able to do this. Would this be a function that radius would have to provide? Create seperate groups for each parnter? Also, would the ASA support this feature?

Any help would be greatly appreciated.

Brian

1 REPLY
Cisco Employee

Cisco ASA Remote Access VPN- Group URL

Brian,

Have a look at group-lock command and feature.

It should be what you're looking for.

M.

176
Views
0
Helpful
1
Replies
CreatePlease to create content