
AnyConnect to DMZ


I am new to the ASA, and I need some help with the following.

I need an SSL VPN client to access only a particular DMZ sub-interface/VLAN; I have several. Some of my internal servers access some servers on the DMZ with no problem. Each DMZ VLAN has NAT, so every VLAN outputs traffic through a different public IP.

I configured the 5520 for SSL VPN; the AnyConnect client is "Connecting", and auth is local.
The client is receiving an IP from the vpnpool I configured, but I don't know how to input the NAT exemption rules, routes or ACLs for the VPN client to reach the desired VLAN.

The idea is to build a config where, depending on the user connecting, the SSL VPN tunnel points that connection to the appropriate DMZ/VLAN.

Thanks in advance


8/22/2022 - Mon

To have different clients have different access capabilities, I would usually use LDAP authentication and use group membership to select the appropriate group policy on the ASA; the group policy can then contain the appropriate ACL.
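
As an added illustration of the group-policy approach described in this answer (not the expert's or the asker's own configuration), here is an ASA 8.3+/9.x style fragment for one DMZ VLAN with local authentication: a dedicated pool, an identity NAT that exempts VPN-to-DMZ traffic from the per-VLAN public PAT, a vpn-filter ACL that confines the client to that VLAN, and a local user pinned to the group policy. The interface name `DMZ10`, the address ranges, and all object, ACL, policy, tunnel-group and user names are assumed values.

```cisco
! Constructed addressing: 172.16.10.0/24 is the DMZ VLAN behind nameif DMZ10,
! 10.200.10.0/24 is the pool handed only to users of that VLAN.
ip local pool VPNPOOL_DMZ10 10.200.10.1-10.200.10.50 mask 255.255.255.0

object network DMZ10_SUBNET
 subnet 172.16.10.0 255.255.255.0
object network VPN_DMZ10_POOL
 subnet 10.200.10.0 255.255.255.0

! NAT exemption (twice NAT, identity on both sides): VPN<->DMZ10 traffic
! must not be rewritten by the rule that PATs DMZ10 to its public IP.
nat (DMZ10,outside) source static DMZ10_SUBNET DMZ10_SUBNET destination static VPN_DMZ10_POOL VPN_DMZ10_POOL no-proxy-arp route-lookup

! vpn-filter ACL, written with the client's pool address as source and the
! DMZ subnet as destination; the ASA evaluates it for both directions of the
! tunnel. The implicit deny at the end blocks every other VLAN and the inside.
access-list VPNFILTER_DMZ10 extended permit ip 10.200.10.0 255.255.255.0 172.16.10.0 255.255.255.0

! Only the DMZ10 subnet is sent through the tunnel.
access-list SPLIT_DMZ10 standard permit 172.16.10.0 255.255.255.0

group-policy GP_DMZ10 internal
group-policy GP_DMZ10 attributes
 vpn-tunnel-protocol ssl-client
 address-pools value VPNPOOL_DMZ10
 vpn-filter value VPNFILTER_DMZ10
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_DMZ10

! Local authentication: the user-level group policy overrides the
! tunnel-group default, which is how per-user VLAN placement is done without LDAP.
username dmz10-user password <set-a-real-password>
username dmz10-user attributes
 vpn-group-policy GP_DMZ10
 service-type remote-access

tunnel-group DMZ10_VPN type remote-access
tunnel-group DMZ10_VPN general-attributes
 authentication-server-group LOCAL
 default-group-policy GP_DMZ10
```

Repeat the pool, NAT rule, filter ACL and group policy per DMZ VLAN, assigning each user to the matching policy. Because `sysopt connection permit-vpn` is on by default and bypasses interface ACLs for decrypted tunnel traffic, the vpn-filter is the control that actually limits where the client can go; verify it with `show vpn-sessiondb anyconnect` (the filter name appears in the session details) and `show nat` hit counts on the exemption rule.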

This can also be achieved using local authentication, right?

Thanks, that clarified quite a few ideas for me.