
AnyConnect users restriction to access VPN

kunalchopra1992
Level 1

Hi guys,

I have a situation. My clients connect to AnyConnect VPN after getting authenticated by a RADIUS server.

Now all users having entries in RADIUS are able to authenticate and access my remote access VPN, but I want only some users to be allowed to access AnyConnect. Is it possible?

Thanks in advance

1 Reply

Rahul Govindan
VIP Alumni

Yes, this should be possible. If you use LDAP as the back-end auth protocol, you can use the "memberOf" attribute to allow only users who are part of a specific AD group to have access to the VPN. Users would be assigned a specific group-policy using LDAP attribute maps. The rest will fall into a group-policy with "simultaneous-logins" set to 0. You can use the example given in this doc:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html#anc15
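
The approach described in the reply, sketched as an ASA configuration. This is an added example, not taken from the post or from the linked Cisco document; every object name (`VPN-ACCESS-MAP`, `LDAP-AD`, `GP-VPN-ALLOW`, `GP-NOACCESS`, `ANYCONNECT-TG`), the AD group DN, the bind account, and the server address are assumed placeholders.

```cisco
! Constructed example: all names, DNs and addresses below are placeholders.
!
! 1. Map the AD "memberOf" value for the allowed group to a group-policy.
ldap attribute-map VPN-ACCESS-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=com" GP-VPN-ALLOW
!
! 2. LDAP server definition with the attribute map attached.
aaa-server LDAP-AD protocol ldap
aaa-server LDAP-AD (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map VPN-ACCESS-MAP
!
! 3. Deny-by-default policy: zero simultaneous logins means the session
!    is refused even though the credentials were valid.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
!
! 4. Policy handed out only through the attribute map.
group-policy GP-VPN-ALLOW internal
group-policy GP-VPN-ALLOW attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-client
!
! 5. The AnyConnect tunnel-group authenticates against LDAP and falls back
!    to the no-access policy for anyone the map did not match.
tunnel-group ANYCONNECT-TG type remote-access
tunnel-group ANYCONNECT-TG general-attributes
 authentication-server-group LDAP-AD
 default-group-policy GP-NOACCESS
```

`debug ldap 255` during a test login shows the `memberOf` values returned and which group-policy they were mapped to. `memberOf` lists only direct group memberships, so a user who reaches the allowed group through a nested group or through their primary group will not match the map and will land in the no-access policy.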