Configure Multiple Connection Profiles

If you decide to grant different rights to different groups of VPN users, then you can configure specific connection profiles or group policies for each of the user groups. For example, you might allow a finance group to access one part of a private network, a customer support group to access another part, and an MIS group to access other parts. In addition, you might allow specific users within MIS to access systems that other MIS users cannot access. Connection profiles and group policies provide the flexibility to do so securely.

You can configure only one connection profile when you create a VPN policy using the Remote Access Policy wizard. You can add more connection profiles later. A device also provides a default connection profile named DefaultWEBVPNGroup.

Before you begin

Ensure that you have configured remote access VPN using the Remote Access Policy wizard with a connection profile.

Procedure


Step 1

On your Cisco Defense Orchestrator web interface, choose Devices > VPN > Remote Access.

Existing remote access policies are listed.

Step 2

Select a remote access VPN policy and click Edit.

Step 3

Click Add and specify the following in the Add Connection Profile window:

  1. Connection Profile—Provide a name that the remote users will use for VPN connections. The connection profile contains a set of parameters that define how the remote users connect to the VPN device.

  2. Client Address Assignment—Assign IP addresses to the remote clients from local IP address pools, DHCP servers, and AAA servers.

  3. AAA—Configure the AAA servers to enable managed devices acting as secure VPN gateways to determine who a user is (authentication), what the user is permitted to do (authorization), and what the user did (accounting).

  4. Aliases—Provide an alternate name or URL for the connection profile. Remote access VPN administrators can enable or disable the alias names and alias URLs. VPN users can choose an alias name when they connect to the FTD device remote access VPN using the AnyConnect VPN client.

Step 4

Click Save.