PIX, ASA or VPN concentrator & dynamic VPN

Unanswered Question
Oct 25th, 2008
User Badges:

Hi all,

I need help what to use and how to do next.

What we need is to create remote VPN for many users so that every user is member of more than one group and every group is linked to predefined set of rules, for instance you can access this IPs, ports and so on.

How to do that dynamically? Is it possible to do that with one certificate?

Other question is what to use? ..PIX, ASA, VPN concentrator ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Farrukh Haroon Sat, 10/25/2008 - 04:51
User Badges:
  • Red, 2250 points or more

The PIX and VPNC are both end of sale products now and unless you already have them your only choice is IOS or ASA. Of those two the ASA is the Cisco preffered platform for Remote Access VPNs.

You can map users to groups using Active Directory OUs, let them select a group at logon, have different logon URLs per group etc. However as far as I know this is not possible:

"every user is member of more than one group "

Some links:



With remote access IPSEC VPNs you can either define the groups on the ASA or externally on the ACS Server.

Pls. rate if helpful.



Farrukh Haroon Tue, 10/28/2008 - 01:25
User Badges:
  • Red, 2250 points or more

Does you question relate to RemoteAccess IPSEC or SSL VPNs?




This Discussion