SEC0404 – Firepower 7.0 AnyConnect VPN RADIUS Attributes (Part 3)


RADIUS Attributes

To control traffic over the AnyConnect tunnel, we need to edit the connection profile > Advanced.

There are 2 ways of accomplishing this with RADIUS:

  1. Define an ACL (Filter-ID) under Common Tasks in the ISE authorization profile.
  2. Or define a DACL that will be pushed to the FTD after RADIUS authentication. This DACL is used only as a traffic filter and not for any other purpose, such as split tunneling.

The best reason to use this over a static group policy is that changes don't require redeploying the policy on the FMC.

The second reason is that you can push different policies to different groups of users instead of creating a new group policy for each group.
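
To confirm which of the two methods a given authorization result actually used, for example when reviewing a RADIUS capture between ISE and the FTD, the sketch below parses the attribute section of an Access-Accept (the bytes after the 20-byte RADIUS header) and reports the Filter-Id ACL name and/or the DACL name. It is an added example, not code from the original post; it assumes Filter-Id is standard attribute 11 and that ISE announces a DACL in a `cisco-av-pair` beginning with `ACS:CiscoSecure-Defined-ACL=`, and the ACL names and sample bytes are constructed.

```python
import struct

FILTER_ID, VENDOR_SPECIFIC = 11, 26      # RFC 2865 attribute types
CISCO_VENDOR_ID, CISCO_AV_PAIR = 9, 1    # Cisco VSA, sub-type cisco-av-pair
DACL_PREFIX = "ACS:CiscoSecure-Defined-ACL="  # assumed ISE DACL announcement

def attr(attr_type, value):
    """Encode one RADIUS attribute: type, length (incl. 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def cisco_avpair(text):
    """Encode a cisco-av-pair string as a Vendor-Specific attribute."""
    sub = bytes([CISCO_AV_PAIR, len(text) + 2]) + text.encode()
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)

def parse_attrs(data):
    """Return [(type, value)], rejecting truncated or inconsistent lengths."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        out.append((data[i], data[i + 2:i + length]))
        i += length
    return out

def acl_source(attr_bytes):
    """Report the Filter-Id ACL name and/or DACL name in an Access-Accept."""
    found = {"filter_id": None, "dacl": None}
    for attr_type, value in parse_attrs(attr_bytes):
        if attr_type == FILTER_ID:
            found["filter_id"] = value.decode()
        elif attr_type == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            if vendor == CISCO_VENDOR_ID and value[4] == CISCO_AV_PAIR:
                # Sub-attribute data runs from offset 6 to 4 + vendor-length.
                text = value[6:4 + value[5]].decode()
                if text.startswith(DACL_PREFIX):
                    found["dacl"] = text[len(DACL_PREFIX):]
    return found

# Constructed sample attribute sections (ACL names are made up).
CONTRACTOR = attr(FILTER_ID, b"VPN-CONTRACTORS")
EMPLOYEE = cisco_avpair(DACL_PREFIX + "#ACSACL#-IP-VPN_EMPLOYEES-5f3a1c2b")

if __name__ == "__main__":
    print(acl_source(CONTRACTOR))
    print(acl_source(EMPLOYEE))
```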
