02-07-2007 07:31 PM - last edited on 02-21-2020 11:46 PM by cc_security_adm
I have a set of different VPN clients connecting to an ASA.
I would like to set up different rules for every client (some users are able to access certain parts of the network and other users will only be allowed to other portions).
My assumption is that this can only be done through AAA and CSS, but I am not sure if there is any other way to do it unless I assign a static/single IP address to each user and make my access-list bigger. I'll appreciate any input on the matter.
Thanks in advance for your answers.
02-13-2007 03:12 PM
Adding to what you suggested, you could create separate tunnel-groups with different address pools. Then write your ACLs for those networks. Hopefully the vpn-filter ACL will evolve as a useful alternative instead, but I'm yet to see it work properly.
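The layout suggested in the reply above, as an added ASA configuration example that is not part of the original posts. The group names, pool ranges, inside subnets, the host address and the interface name `outside` are all assumptions; the syntax is ASA 8.0(2) or later.

```cisco
! Added example: every name, subnet and port below is an assumption.
! ASA 8.0(2)+ syntax; older 7.x releases use "type ipsec-ra".

! One address pool per class of VPN user
ip local pool POOL-ENG 10.10.10.1-10.10.10.254 mask 255.255.255.0
ip local pool POOL-VENDOR 10.10.20.1-10.10.20.254 mask 255.255.255.0

! One tunnel-group per class, each bound to its own pool
tunnel-group ENG type remote-access
tunnel-group ENG general-attributes
 address-pool POOL-ENG
tunnel-group VENDOR type remote-access
tunnel-group VENDOR general-attributes
 address-pool POOL-VENDOR

! By default decrypted VPN traffic bypasses interface ACLs, so
! pool-based rules are never evaluated. Turning the bypass off
! applies to all VPN traffic, including site-to-site tunnels.
no sysopt connection permit-vpn

! ENG pool: full access to the (assumed) server subnet
access-list OUTSIDE-IN extended permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
! VENDOR pool: HTTPS to one (assumed) host only
access-list OUTSIDE-IN extended permit tcp 10.10.20.0 255.255.255.0 host 192.168.20.15 eq https
! Explicit logged denies so blocked attempts show up in syslog
access-list OUTSIDE-IN extended deny ip 10.10.10.0 255.255.255.0 any log
access-list OUTSIDE-IN extended deny ip 10.10.20.0 255.255.255.0 any log

! If the outside interface already has an ACL bound, add the
! entries to that ACL instead of binding a new one.
access-group OUTSIDE-IN in interface outside
```

The separation holds only as long as each user can authenticate to their own tunnel-group and no other, since the source address is what the ACL keys on.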
02-14-2007 06:44 AM
Thanks a lot for your response.
I think the configuration will get a little too long, but it seems like my customer is OK with that and is aware that this could be done more efficiently using AAA.
Thanks again.