cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
476
Views
0
Helpful
1
Replies

Deny Anyconnect Client Access for a group which is using AAA auth.

peter.ferl
Level 1
Level 1

Hello,

following situation:

ASA 5520 running 8.0(4)28.

Serving multiple VPN groups using either Anyconnect or VPN-Client.

One of the Customers using group XXX does not want that his group is able to be etablished using anyconnect.

User auth is done by an external AAA.

Config if group-p:

group-policy XXX attributes

...

vpn-tunnel-protocol IPSec

...

Any Ideas?

Thx,

Peter

1 Reply 1

Ivan Martinon
Level 7
Level 7

Hi Peter,

The vpn tunnel protocol will help you with this as long as the users do not change of group to connect, if what you need is also to control users within this group, you need to use tunnel group lock which will deny users from getting connected if they do not connect to the correct tunnel group.

See step 11 on the following link:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpngrp.html#wp1093578

You will need to pass the class attribute from your Auth server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: