That's quite a workaround ;)

-----Original Message-----
From: Matt Hill [mailto:[email protected]]
Sent: 01 May 2012 15:35
To: Eugene Pefti
Cc: Piotr Matusiak
Subject: Re: [OSL | CCIE_Security] AnyConnect per group ACLs

How we got it to work was by using DAP, a new(ish) feature...

We got the RADIUS to send the AD group to the ASA, then the ASA applies an ACL based on the received attribute from the RADIUS.

Cheers for your help,
Matt

On 20 April 2012 05:02, Eugene Pefti <[email protected]> wrote:
> And don't forget about the tricky logic of this ACL, Matt.
>
> The sources are IPs in the VPN pool and the destinations are hosts
> protected by the firewall.
>
> Eugene
>
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Piotr Matusiak
> Sent: 17 April 2012 22:33
> To: Matt Hill
> Cc: CCIE Security Maillist
> Subject: Re: [OSL | CCIE_Security] AnyConnect per group ACLs
>
> Hi Matt,
>
> Use the vpn-filter command when you can reference an extended ACL to
> filter the traffic per group. This command is under group-policy which
> is referenced to your tunnel-group.
>
> Regards,
> Piotr
>
> 2012/4/18 Matt Hill <[email protected]>
>
> Hi Everyone,
>
> I have a client who has a bunch of different user groups, let's call
> them GROUP_1, GROUP_2 & GROUP_3, each with different network access
> requirements & restrictions.
>
> The requirement is that if a user from GROUP_1 logs in, it gains
> network access defined in ACL_1, if a user from GROUP_2 logs in, then
> it gains access defined in ACL_2 and likewise for the third group.
>
> I am normally good with the Cisco Docs and Googleisms, but this time
> I'm not having a very good time trying to find what I am after.
>
> If anyone has a decent doco link or sample config I'd appreciate it.
>
> Cheers,
> Matt
> CCIE #22386
> CCSI #31207
> _______________________________________________
> For more information regarding industry leading CCIE Lab training,
> please visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
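
The vpn-filter approach from Piotr's reply, with the ACL orientation Eugene points out (VPN pool as source, protected hosts as destination), as an added ASA configuration example that is not part of the original thread. The pool range, host addresses, ports, and the GP_GROUP_n and TG_GROUP_n names are constructed for illustration; only GROUP_1..3, ACL_1..3 and the vpn-filter command come from the messages above.

```cisco
! Constructed addressing (assumption, not from the thread):
!   VPN client pool  10.99.1.0/24
!   protected hosts  192.168.10.0/24 behind the ASA
ip local pool VPN_POOL 10.99.1.1-10.99.1.254 mask 255.255.255.0

! vpn-filter ACLs: the VPN pool goes in the SOURCE position and the
! protected hosts in the DESTINATION position.
! Anything not permitted falls through to the implicit deny.
access-list ACL_1 extended permit tcp 10.99.1.0 255.255.255.0 host 192.168.10.10 eq 443
access-list ACL_2 extended permit tcp 10.99.1.0 255.255.255.0 host 192.168.10.20 eq 3389
access-list ACL_3 extended permit ip 10.99.1.0 255.255.255.0 192.168.10.0 255.255.255.0

! One group-policy per user group, each referencing its own ACL.
group-policy GP_GROUP_1 internal
group-policy GP_GROUP_1 attributes
 vpn-filter value ACL_1

group-policy GP_GROUP_2 internal
group-policy GP_GROUP_2 attributes
 vpn-filter value ACL_2

group-policy GP_GROUP_3 internal
group-policy GP_GROUP_3 attributes
 vpn-filter value ACL_3

! Each tunnel-group points at the matching group-policy.
tunnel-group TG_GROUP_1 type remote-access
tunnel-group TG_GROUP_1 general-attributes
 address-pool VPN_POOL
 default-group-policy GP_GROUP_1

tunnel-group TG_GROUP_2 type remote-access
tunnel-group TG_GROUP_2 general-attributes
 address-pool VPN_POOL
 default-group-policy GP_GROUP_2

tunnel-group TG_GROUP_3 type remote-access
tunnel-group TG_GROUP_3 general-attributes
 address-pool VPN_POOL
 default-group-policy GP_GROUP_3
```

This covers only the static vpn-filter mapping; the DAP setup Matt describes, where the ACL is chosen from the AD group returned by RADIUS, is configured separately and is not shown here.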
