I have a PIX-525 running version 6.3.
The PIX is configured for remote access VPN. Mobile users use the Cisco VPN client software to connect and access the corporate network resources.
An AAA server is in place and is used in conjunction with the xauth feature to authenticate the mobile users using the Cisco VPN client. The problem is that once any user is authenticated (whether he is in customer support or management or operations) he can access any part of the corporate network infrastructure.
How can I restrict this? One option is using multiple profiles on the PIX, but the users can easily install the .pcf file meant for other departments and are good to go.
What should I do? I was wondering if I can use the AAA server already in place to do the authorization for the mobile users. What would be the configuration changes required on the PIX to direct the mobile users to AAA for authorization?