ASA-VPN: How do you restrict the remote access network - who can establish VPN and who not?

Unanswered Question
Sep 7th, 2010

Hello,

In our VPN configuration (ASA5520, AnyConnect VPN Client), we have different VPN User Groups. These Group Policies are retrieved from an LDAP Server.

We'd like to restrict the access like this:

A Group "Home User" might establish a VPN from anywhere on the Internet

A Group "restricted 3rd party" should only be allowed to establish a VPN from their specific public Source IP Address on the Internet (the public IP Address of this 3rd party Company). When these Users try to connect from any other IP Address on the Internet (Home, hotel, etc.), VPN Access should not work!

On our old solution, we were able to limit the remote access network, per user group, to some source IPs.

How can you do that in ASA?

The IP Filters related to group policies in here seem only to be filters concerning the VPN Address (after the VPN is established: where can this user group connect to). But I did not find filters/access lists where you can define/restrict public access networks for some groups.

Or is it possible to do that by Dynamic Access Policies? How?

Thanks,
