
VPN Clients connecting to an ASA box with different rules.

vbuendia
Level 1

I have a set of different VPN clients connecting to an ASA.

I would like to set up different rules for every client (some users are able to access certain parts of the network and other users will only be allowed to other portions).

My assumption is that this can only be done through AAA and CSS, but I am not sure if there is any other way to do it unless I assign a static/single IP address to each user and make my access-list bigger. I'll appreciate any input on the matter.

Thanks in advance for your answers.

2 Replies

acomiskey
Level 10

Adding to what you suggested, you could create separate tunnel-groups with different address pools. Then write your ACLs for those networks. Hopefully the vpn-filter ACL will evolve as a useful alternative instead, but I'm yet to see it work properly.

Thanks a lot for your response.

I think the configuration will get a little too long, but it seems like my customer is OK with that and is aware that this could be done more efficiently using AAA.

Thanks again.