Monday, December 3, 2018

Is it possible to reserve an IP from an AnyConnect pool?

My setup:

When a user connects to the network using the AnyConnect client, their AD group is checked via ISE and it assigns a VPN pool name via a RADIUS attribute back to the AnyConnect ASA. The ASA reads the pool name, and assigns an IP address from its local-pool with the name it was told by ISE. This works well.

The problem I'm trying to solve is that I have a couple of pools, let's say for server-team and for normal-users (not giving specifics for security reasons). What I need to be able to do is assign an access-rule for an individual member of the server team so that he/she gets access to a service. Currently I can't do that. I'm wondering if there is a way you can bind MAC addresses to VPN pools (NOTE: not DHCP config)? Or another option: is there a way to bind access-rules on a per-username basis (where the usernames are not local usernames, but AD usernames)?

This way I could solve my problem.


