Cisco Support Community
Deny Anyconnect Client Access for a group which is using AAA auth.

Hello,

following situation:

ASA 5520 running 8.0(4)28.

Serving multiple VPN groups using either Anyconnect or VPN-Client.

One of the customers, using group XXX, does not want his group to be able to establish connections using AnyConnect.

User auth is done by an external AAA.

Config of group-p:

group-policy XXX attributes
 ...
 vpn-tunnel-protocol IPSec
 ...

Any Ideas?

Thx,

Peter

1 REPLY

Re: Deny Anyconnect Client Access for a group which is using AAA

Hi Peter,

The VPN tunnel protocol will help you with this as long as the users do not change groups to connect. If what you need is also to control users within this group, you need to use tunnel group lock, which will deny users from getting connected if they do not connect to the correct tunnel group.

See step 11 on the following link:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpngrp.html#wp1093578

You will need to pass the class attribute from your Auth server.

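The approach described in the reply, sketched as an ASA configuration. This is an added example, not part of the original thread; the tunnel-group name XXX-TG and the server group name AAA-SRV are hypothetical, and the Class value assumes the OU=<group-policy>; format the ASA expects in RADIUS attribute 25.

```cisco
! Added example; XXX-TG and AAA-SRV are hypothetical names.
!
! From the question: policy XXX permits IPsec only. This restriction
! takes effect once policy XXX is the policy assigned to the session.
group-policy XXX internal
group-policy XXX attributes
 vpn-tunnel-protocol IPSec
 ! From the reply: users who are assigned policy XXX are rejected
 ! unless they connected through tunnel group XXX-TG.
 group-lock value XXX-TG
!
! IPsec remote-access tunnel group that authenticates against the
! external AAA server group.
tunnel-group XXX-TG type remote-access
tunnel-group XXX-TG general-attributes
 authentication-server-group AAA-SRV
 default-group-policy XXX
!
! On the AAA server (not ASA syntax): return RADIUS attribute 25 (Class)
! for every user of this customer so the ASA assigns policy XXX no
! matter which tunnel group the user selected:
!   Class = "OU=XXX;"
```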