I have a customer that will have different users on different subnets/vlans and will be handed DHCP controlled IP addresses otherwise I would have suggested ACLs. He wants to be able to control what a user accesses on other subnets. I was thinking that if person A is in subnet C and can use all resources in subnet C and a host in subnet B and person B can use all resources in subnet C and a host in subnet B and A, that that can be controlled by VPN client access between vlans through an ASA. Any thoughts?
If I understand currectly you want your vpn clients or better said a particular vpn user have certain access to some vlans or host and restricted access to some vlans or hosts, if this is so you can accomplish this by using per user vpn filters.. please let me know if I have understood you wrong.
this is an example.