I am running an ASA 5510 v8.32. I have a perfectly working SSL VPN for my internal users. I need to create a second connection profile, security policy, etc for a group of contractor accounts. With that policy, I want to assign each Contractor a static IP address so I can control their access via ACLs. No matter what I do, the account will continue to authenticate to the DfltGrpPolicy rather than the new policy I created. Is this possible, and if so, how do I have particular user accounts pick up the new profile/policy?
Under tunnel-group you can specify your default group policy for this tunnel, if you have a separate tunnel-group for your contractors and depending on settings like "tunnel-group-list" under webvpn global config.
bsns-asa5520-10(config)# tunnel-group TEST general-attributes bsns-asa5520-10(config-tunnel-general)# %ASA-5-111008: User 'enable_15' executed the 'tunnel-group TEST general-attributes' command. %ASA-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'tunnel-group TEST general-attributes' defa bsns-asa5520-10(config-tunnel-general)# default-group-policy ?
tunnel-group-general mode commands/options: WORD < 65 char Name of the default group policy
You can also group-lock a group-policy to tunnel groups:
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...