Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
0
Helpful
1
Replies

How flexible is ASA VPN auth & split tunnel

jlixfeld
Level 1
Level 1

‎05-15-2007 06:17 AM

I have an ASA5520 VPN cluster and I have a requirement to be able to a) assign IPs out of different IP pools for different users b) apply per user split tunnel ACLs c) enforce that only certain users are allowed to access the VPN device itself via telnet and ssh. It doesn't appear that this is possible within the local database, so I assume I have to use TACACS or something, but I still need to know if what I want to do is even possible.

Labels:
0 Helpful
1 Reply 1

ggilbert
Cisco Employee
Cisco Employee

‎05-17-2007 11:00 AM

I will try to answer it to the best.

a. You can assign a dedicated IP address to a user or assign a group policy for the user with the address pool.

b. You can assign filter on the group-policy which in-turn you can tie the user to the group-policy

c. You can use "telnet " or ssh command and be specific about what IP address should the request come from to access the device.

OR as you said, you can use TACACS to assign the user to a specific group and assign specific address.

Hope this answers your questions.

Cheers

Gilbert

0 Helpful
Customers Also Viewed These Support Documents