XorgeD asked:
AnyConnect to DMZ

Hi,

I am new to the ASA and I need some help with the following.

I need an SSL VPN client to access only a particular DMZ sub-interface/VLAN (I have several). Some of my internal servers access some servers on the DMZ with no problem. Each DMZ VLAN has NAT, so every VLAN sends its traffic out through a different public IP.

I configured the 5520 for SSL VPN; the AnyConnect client is "Connecting" and auth is local.
The client is receiving an IP from the vpnpool I configured, but I don't know how to input the NAT exemption rules, routes or ACLs for the VPN client to reach the desired VLAN.

The idea is to build a config where, depending on the user connecting, the SSL VPN tunnel points that connection to the appropriate DMZ/VLAN.

Thanks in advance

Xorg
ArneLovius:

To have different clients have different access capabilities, I would usually use LDAP authentication and use group membership to select the appropriate group policy on the ASA; the group policy can then contain the appropriate ACL.
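One way to lay out the per-group policy, its filter ACL and the NAT exemption the question asks about, as an added example and not the thread's accepted solution: it assumes ASA 8.3+ NAT syntax, a DMZ sub-interface with nameif dmz1, and placeholder addresses and user names; every other DMZ VLAN gets its own pool, filter, exemption and group policy in the same pattern.

```text
! Added example, not the asker's or answerer's config. ASA 8.3+ NAT syntax assumed.
! Placeholders: dmz1 (DMZ sub-interface nameif), 172.16.1.0/24 (DMZ1 network),
! 10.99.0.0/24 (client pool for DMZ1 users), dmz1user (local account).
ip local pool VPN-POOL-DMZ1 10.99.0.10-10.99.0.100 mask 255.255.255.0
!
object network OBJ-VPN-POOL-DMZ1
 subnet 10.99.0.0 255.255.255.0
object network OBJ-DMZ1-NET
 subnet 172.16.1.0 255.255.255.0
!
! NAT exemption (identity twice-NAT, evaluated before the per-VLAN object NAT):
! traffic between DMZ1 and the client pool must bypass the PAT to the public IP,
! otherwise replies leave via the public address and never enter the tunnel.
nat (dmz1,outside) source static OBJ-DMZ1-NET OBJ-DMZ1-NET destination static OBJ-VPN-POOL-DMZ1 OBJ-VPN-POOL-DMZ1
!
! vpn-filter ACL: for remote-access users the ASA expects the client address as
! source and the protected network as destination; the filter is bidirectional.
! The implicit deny means the client reaches nothing else through the tunnel.
access-list VPN-FILTER-DMZ1 extended permit ip 10.99.0.0 255.255.255.0 172.16.1.0 255.255.255.0
!
! Split tunnel so only DMZ1 traffic is sent into the tunnel.
access-list SPLIT-DMZ1 standard permit 172.16.1.0 255.255.255.0
!
group-policy GP-DMZ1 internal
group-policy GP-DMZ1 attributes
 vpn-tunnel-protocol ssl-client
 address-pools value VPN-POOL-DMZ1
 vpn-filter value VPN-FILTER-DMZ1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-DMZ1
!
! Local authentication: bind the user to the DMZ1 policy. The same group policy
! can instead be selected by LDAP group membership, as suggested in the thread.
username dmz1user password <placeholder-password>
username dmz1user attributes
 vpn-group-policy GP-DMZ1
!
tunnel-group ANYCONNECT-TG type remote-access
tunnel-group ANYCONNECT-TG general-attributes
 authentication-server-group LOCAL
!
! Verification after the client connects:
!   show vpn-sessiondb detail anyconnect filter name dmz1user   (policy and filter in use)
!   show nat detail                                            (identity NAT hit counts)
!   packet-tracer input dmz1 tcp 172.16.1.10 443 10.99.0.10 12345
```

A user placed in a GP-DMZ2 policy with its own pool and filter cannot reach DMZ1, since the filter and the NAT exemption are both scoped to that policy's pool.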
XorgeD (asker):

This can also be achieved using local authentication, right?
ASKER CERTIFIED SOLUTION

ArneLovius:

This solution is only available to members of Experts Exchange.
XorgeD (asker):

Thanks, that clarified quite a few ideas for me.