Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
731
Views
3
Helpful
2
Replies

Clientless SSL/AnyConnect VPN Documentation

matt.karsten
Level 1
Level 1

‎11-14-2008 09:39 AM - edited ‎02-21-2020 04:02 PM

I recently setup the Clientless SSL and Anyconnect VPN. I currently have a pretty basic setup, if your a member of the AnyConnect AD group, you get the Anyconnect Client, if your not, you get the Clientless portal (all using the Dynamic Access Policies with LDAP.memberOf lookups). I also have some links on the portal page based on other groups you might be a part of in AD. Nothing to exciting.

Now there is a few other things I am trying to configure, such as, in the DAP, it looks like you can limit what networks someone has access to. So if someone is part of RemoteOffice1, I don't want them to be able to connect to anything in RemoteOffice2 (same the other direction), but if your part of CentralOffice you should be able to get to both. I tried setting this up and just couldn't get it to work.

What I am looking for is some better documentation than what I can find on the site or on Ciscopress/Safari (very possible I just haven't found the right book or the right document). The stuff thats out there doesn't do a very good job of explaining Connection Profiles (alike how it picks which one you will end up using), the ACL Manager (and Network ACL Filters) and a couple of other little things.

Thanks,

Matt Karsten

Labels:
0 Helpful
2 Replies 2

JORGE RODRIGUEZ
Level 10
Level 10

‎11-15-2008 09:24 PM

Hi Matt,

Understand what exactly you are trying to do, I have couple ssl vpn tunnels but unlike you I do not need the type of filtering you require between ssl tunnel groups. I do however have basic RA vpn for our regular vpn clients and use for some users per user vpn filters.

You may try this link, even though it does refers to vpn filters in general such as l2l and RA vpn I am quite confident you can use the vpn filter principle and apply it to your ssl tunnel groups policies.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

Rgds

Jorge

Jorge Rodriguez
0 Helpful

matt.karsten
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎11-18-2008 08:14 AM

I'm a little slow replying to these sometimes...

This link didn't quite get me where I needed to be. Through a different issue I was working on with TAC, they pointed me at this document, it seems to do a good job of explaining Dynamic Access Policies, connection profiles, VPN ACLs and when/why things get applied the way they do.

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents