Saturday, January 6, 2018

ASA Connection Profiles and Policies

Setting up Remote Access VPN to the Cisco ASA.

When a user connects to a Cisco ASA to establish a remote access VPN, there are a number of factors and features that come into play. Here I provide a high-level summary of the steps taken by the ASA.

The user can connect either directly to the IP address of the ASA or to a defined IP address/URL combination. If connecting directly to the IP address, the user may select their required Tunnel Group (provided the ASA has been configured to allow this). The ASA uses the URL or Tunnel Group to determine which custom connection profile and user authentication parameters are applied. The fallback is for the ASA to use the Default Connection Profile.

After user authentication, the ASA applies post-login policies to nail down the access afforded to the user, plus any DAP policies required. The policies applied here can be determined by the user profile, user group profile, user connection profile or by the default connection profile.
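
The selection and fallback steps above, sketched as an ASA configuration. This is an added example, not configuration from the original post. Every name (STAFF-VPN, GP-STAFF, GP-NOACCESS, AAA-RADIUS), the interface name, the URL and the address are constructed placeholders, and denying access in the default profile is an assumed hardening choice rather than something the post prescribes.

```cisco
! Constructed example: all names, the URL and the address are placeholders.
!
! AAA server group used to authenticate users of the custom profile
aaa-server AAA-RADIUS protocol radius
aaa-server AAA-RADIUS (inside) host 192.0.2.10
!
! Group policy applied after login for users of the custom profile.
! group-lock ties the policy to one connection profile, so a user
! cannot pick up this policy by connecting through a different one.
group-policy GP-STAFF internal
group-policy GP-STAFF attributes
 vpn-tunnel-protocol ssl-client
 group-lock value STAFF-VPN
!
! Group policy for the fallback profile: no sessions allowed (assumption)
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Custom connection profile (tunnel group): sets the authentication
! parameters and the group policy used when nothing more specific applies
tunnel-group STAFF-VPN type remote-access
tunnel-group STAFF-VPN general-attributes
 authentication-server-group AAA-RADIUS
 default-group-policy GP-STAFF
!
! How a user lands on this profile:
!  group-url   = connecting to the defined URL selects the profile directly
!  group-alias = name shown in the list when connecting to the bare IP address
tunnel-group STAFF-VPN webvpn-attributes
 group-url https://vpn.example.com/staff enable
 group-alias Staff enable
!
! Allow users to select a tunnel group from the login page
webvpn
 tunnel-group-list enable
!
! Fallback: connections that match no URL or alias use the default
! connection profile, which here maps to the no-access group policy
tunnel-group DefaultWEBVPNGroup general-attributes
 default-group-policy GP-NOACCESS
```

Running `show vpn-sessiondb anyconnect` after a test login shows which tunnel group and group policy the session actually received, which confirms the profile selection behaved as intended.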
