I want all my VPN connections to be denied access to one of my networks, but from that network I can access my remote connections.
So, similar to a DMZ.
I've got an ASA 5540 and ACS 4.2.
So far, what I tried and didn't succeed with:
- I created a downloadable access list on ACS
- Filter on group in ASA
- Pushed firewall policy to user client
The solution that was closest was with the firewall policy, but automatically I got 2 rules on top to allow all traffic from my location to anywhere :/
Anyone got any idea?
And another question is about user authentication with ACS and ASA.
Currently I'm using RADIUS as the protocol and everything has been working fine for more than 7 months. Sometimes when users connect they don't get an IP address from ACS (really not that big a problem; it's like 1 out of maybe 500 VPN connections), but what I want to do to lower that number is to change user authentication to go not with RADIUS (UDP) but with TACACS (TCP).
So here's where I'm stuck!
User authentication is OK, but my users can't get an IP address from ACS, because every user has a fixed IP?
So any help would be nice.
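For the first question (the "filter on group in ASA" attempt), here is an added illustration of how a vpn-filter ACL on the ASA is written; it is not configuration from the original post. The addresses (a 10.99.0.0/24 client pool, a 192.168.50.0/24 protected network), the ACL name VPN_CLIENT_FILTER, the group-policy name VPN_USERS and the tunnel-group name RA_VPN are constructed for the example. The important detail is that vpn-filter ACEs are always written with the VPN client as the source and the local network as the destination; the ASA evaluates the same ACL for traffic in the other direction with the addresses reversed, so a plain deny blocks both directions and any service the protected network must reach on the clients has to be permitted explicitly by port.

```cisco
! Constructed addressing for this example:
!   VPN client pool    10.99.0.0/24
!   protected network  192.168.50.0/24   (the "DMZ-like" network)

! Optional: allow hosts on the protected network to open RDP to the
! VPN clients. In vpn-filter syntax the client is the SOURCE, so the
! service port is written on the client side of the ACE.
access-list VPN_CLIENT_FILTER extended permit tcp 10.99.0.0 255.255.255.0 eq 3389 192.168.50.0 255.255.255.0

! Block everything VPN clients try to start toward the protected network
! (and, because the filter is applied with reversed addresses for the
! other direction, everything else between the two ranges).
access-list VPN_CLIENT_FILTER extended deny ip 10.99.0.0 255.255.255.0 192.168.50.0 255.255.255.0

! Clients keep access to everything else.
access-list VPN_CLIENT_FILTER extended permit ip 10.99.0.0 255.255.255.0 any

! Apply the filter to the group policy that remote-access users land in.
group-policy VPN_USERS attributes
 vpn-filter value VPN_CLIENT_FILTER

tunnel-group RA_VPN general-attributes
 default-group-policy VPN_USERS
```

To confirm the filter actually landed on a session rather than being overridden by a per-user attribute pushed from ACS, check `show vpn-sessiondb detail remote` (the Filter Name field) and watch the hit counts with `show access-list VPN_CLIENT_FILTER` while a client attempts a connection into 192.168.50.0/24; a counter that stays at zero means the session is using a different group policy or a downloadable ACL from ACS.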