I have a fundamental design question.
I have a fairly large mobile population (cellular, wifi hotspots, etc.) that needs to access company resources. VPN is not an option for this user population due to the nature of devices.
Assuming I have this user population that uses a cellular network (private APN) and terminates on the cellular cloud. From the cellular cloud I want to build a site to site VPN to the company headend (ASA).
I want to be able to provide a re-directed web page (on the ASA) for the user to present credentials.
From the ASA I want to authenticate the user via RADIUS/AD.
Based on the type of the user (returned from RADIUS), I want to allow certain IP Addresses and protocols.
The question I have is, do I need to use 2 ASAs, one for VPN and the other for the authentication?
Has anyone implemented this scenario and is willing to share config ideas?
Is there a better way to do this?
Appreciate your responses.