VPN Clients connecting to an ASA box with different rules.

Feb 7th, 2007

I have a set of different VPN clients connecting to an ASA.

I would like to set up different rules for every client (some users are able to access certain parts of the network and other users will only be allowed to other portions).

My assumption is that this can only be done through AAA and CSS, but I am not sure if there is any other way to do it unless I assign a static/single IP address to each user and make my access-list bigger. I'll appreciate any input on the matter.

Thanks in advance for your answers.

acomiskey Tue, 02/13/2007 - 15:12

Adding to what you suggested, you could create separate tunnel-groups with different address pools. Then write your ACLs for those networks. Hopefully the vpn-filter ACL will evolve as a useful alternative instead, but I'm yet to see it work properly.
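
The approach described in the reply above (one tunnel-group and address pool per class of user, with ACLs written against the pool subnets), as an added example that is not part of the original thread. All group names, pool ranges and inside subnets are constructed, and the syntax assumes ASA 7.x (`ipsec-ra` became `remote-access` in later releases).

```cisco
! Constructed example: names, pools and subnets are hypothetical.
! One address pool per class of VPN user.
ip local pool POOL-ENG 10.99.1.1-10.99.1.254 mask 255.255.255.0
ip local pool POOL-VENDOR 10.99.2.1-10.99.2.254 mask 255.255.255.0
!
! One tunnel-group per class, each handing out its own pool.
tunnel-group ENG type ipsec-ra
tunnel-group ENG general-attributes
 address-pool POOL-ENG
tunnel-group ENG ipsec-attributes
 pre-shared-key <placeholder>
!
tunnel-group VENDOR type ipsec-ra
tunnel-group VENDOR general-attributes
 address-pool POOL-VENDOR
tunnel-group VENDOR ipsec-attributes
 pre-shared-key <placeholder>
!
! By default decrypted VPN traffic bypasses interface ACLs.
! Disable the bypass so the ACL on the terminating interface is enforced.
no sysopt connection permit-vpn
!
! Engineers reach the whole engineering subnet.
access-list OUTSIDE-IN extended permit ip 10.99.1.0 255.255.255.0 192.168.10.0 255.255.255.0
! Vendors reach a single host on HTTPS only.
access-list OUTSIDE-IN extended permit tcp 10.99.2.0 255.255.255.0 host 192.168.20.15 eq https
! Log and drop anything else sourced from the VPN pools.
access-list OUTSIDE-IN extended deny ip 10.99.0.0 255.255.0.0 any log
access-group OUTSIDE-IN in interface outside
```

With `no sysopt connection permit-vpn` in place, every VPN flow terminating on the box, site-to-site tunnels included, must be permitted by the interface ACL. If an ACL is already bound inbound on `outside`, add the entries to it rather than binding a new one.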

vbuendia Wed, 02/14/2007 - 06:44

Thanks a lot for your response.

I think the configuration will get a little too long, but it seems like my customer is OK with that and is aware that this could be done more efficiently using AAA.

Thanks again.

