I have recently implemented an SSL VPN solution for a customer and have a couple of questions.
1) We have a 10 user license and are authenticating users using AD. The network administrator wants to ensure that there is always a connection for him, therefore leaving other users to contend for the other 9 connections. Is this something that would be implemented on the ASA or on the AD server?
2) Is it possible to source NAT/overload the SSL VPN clients to the ASA's inside interface, thus removing the requirement to redistribute a route to the SSL VPN client pool into the routing protocol? I've tried it and couldn't get it to work.
Another issue I came across whilst doing this deployment was that I had to configure NAT exemption for all traffic between the LAN and the SSL VPN clients, even though I had the "Enable traffic through the firewall without address translation" check box checked.
According to the config guides I shouldn't have needed this. Has anyone else had this issue? I'm running 8.0(4).
Many thanks in advance.