With the influx of people WFH, I've ran into an issue permitting specific groups of people to services via Anyconnect. My user base is split into staff/students that use Anyconnect, which have assigned pools for them to use when they join the VPN. Now I get the odd requirement to put a rule in, whereby only specific staff users X and Y should be able to RDP into PC Z via Anyconnect. But given that all staff share the same VPN pool, this is just not possible. It's all or nothing. Has anyone else ran into this, and how did you overcome it?
PS: This is on a firepower box, managed via the FMC, and auth is done by AD via ISE.
No comments:
Post a Comment