And don't forget about the tricky logic of this ACL, Matt. The sources are the IPs in the VPN pool and the destinations are the hosts protected by the firewall.

Eugene

From: [email protected] [mailto:[email protected]] On Behalf Of Piotr Matusiak
Sent: 17 April 2012 22:33
To: Matt Hill
Cc: CCIE Security Maillist
Subject: Re: [OSL | CCIE_Security] AnyConnect per group ACLs

Hi Matt,

Use vpn-filter command when you can reference an extended ACL to filter the traffic per group. This command is under group-policy which is referenced to your tunnel-group.

Regards,
Piotr

2012/4/18 Matt Hill <[email protected]<mailto:[email protected]>>

Hi Everyone,

I have a client who has a bunch of different user groups, let's call them GROUP_1, GROUP_2 & GROUP_3, each with different network access requirements & restrictions.

The requirement is that if a user from GROUP_1 logs in, it gains network access defined in ACL_1, if a user from GROUP_2 logs in, then it gains access defined in ACL_2 and likewise for the third group.

I am normally good with the Cisco Docs and Googleisms, but this time I'm not having a very good time trying to find what I am after. If anyone has a decent doco link or sample config I'd appreciate it.

Cheers,
Matt
CCIE #22386
CCSI #31207

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
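
Added example, not part of the original thread: a minimal ASA configuration sketch of the per-group vpn-filter setup described above, shown for two of the three groups. The pool names, group-policy names, subnets and server addresses are constructed for illustration; only GROUP_1/GROUP_2, ACL_1/ACL_2 and the vpn-filter command come from the thread.

```cisco
! One address pool per group (constructed ranges), so each ACL can
! match on the pool that group's clients are assigned from.
ip local pool POOL_1 10.10.1.1-10.10.1.254 mask 255.255.255.0
ip local pool POOL_2 10.10.2.1-10.10.2.254 mask 255.255.255.0

! vpn-filter ACLs are always written with the VPN client (pool) as the
! SOURCE and the protected host as the DESTINATION, for both directions.
! Anything not permitted is dropped by the implicit deny at the end.
access-list ACL_1 extended permit tcp 10.10.1.0 255.255.255.0 host 192.168.10.20 eq 443
access-list ACL_1 extended permit tcp 10.10.1.0 255.255.255.0 host 192.168.10.21 eq 22
access-list ACL_2 extended permit tcp 10.10.2.0 255.255.255.0 192.168.20.0 255.255.255.0 eq 3389

! Caveat: the filter is applied in both directions using this one syntax.
! "permit tcp <pool> host 192.168.10.20 eq 443" also lets 192.168.10.20
! initiate to the pool when it uses source port 443, so keep each entry
! as narrow as the requirement allows and avoid "permit ip".

! The filter lives under the group-policy.
group-policy GP_GROUP_1 internal
group-policy GP_GROUP_1 attributes
 vpn-filter value ACL_1
group-policy GP_GROUP_2 internal
group-policy GP_GROUP_2 attributes
 vpn-filter value ACL_2

! Each tunnel-group references its own group-policy and pool.
tunnel-group GROUP_1 type remote-access
tunnel-group GROUP_1 general-attributes
 address-pool POOL_1
 default-group-policy GP_GROUP_1
tunnel-group GROUP_2 type remote-access
tunnel-group GROUP_2 general-attributes
 address-pool POOL_2
 default-group-policy GP_GROUP_2
```

After a test login from each group, `show access-list ACL_1` shows per-entry hit counts, which confirms the filter is matching the traffic you expect. Do not reuse the same ACL in an interface access-group, where source and destination follow the normal direction-dependent logic.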
