10-25-2008 04:24 AM - edited 02-21-2020 04:00 PM
Hi all,
I need help what to use and how to do next.
What we need is to create remote VPN for many users so that every user is member of more than one group and every group is linked to predefined set of rules, for instance you can access this IPs, ports and so on.
How to do that dynamically? Is it possible to do that with one certificate?
Other question is what to use? ..PIX, ASA, VPN concentrator ?
BR
jl
10-25-2008 04:51 AM
The PIX and VPNC are both end of sale products now and unless you already have them your only choice is IOS or ASA. Of those two the ASA is the Cisco preffered platform for Remote Access VPNs.
You can map users to groups using Active Directory OUs, let them select a group at logon, have different logon URLs per group etc. However as far as I know this is not possible:
"every user is member of more than one group "
Some links:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml
With remote access IPSEC VPNs you can either define the groups on the ASA or externally on the ACS Server.
Pls. rate if helpful.
Regards
Farrukh
10-28-2008 01:25 AM
Does you question relate to RemoteAccess IPSEC or SSL VPNs?
Regards
Farrukh
10-28-2008 06:56 AM
try using LDAP for group matching. it's easier than using ACS and IAS and is less intrusive on the network.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/extsvr.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide