You can set up a policy in the IAS console that permits VPN access only to users who are members of an Active Directory group. In the new policy's attributes, you can configure it so that access is restricted to members of the AD group only.
To define a remote access policy, from the IAS console, right-click Remote Access Policies and click New Remote Access Policy.
In the New Remote Access Policy Wizard, select Set up a custom policy and type a policy name. Click Next.
Under the Policy Conditions box, click Add and then select the Windows-Groups attribute type.
Select the Active Directory user group whose access you want to restrict or allow. A summary of the conditions to match for this policy is shown. You may add additional groups, but users must be a member of all the groups to be granted access. Click Next.
Select Grant or Deny remote access permission based on the group in AD and click Next.
Click Edit Profile to edit the dial-in properties for the remote access profile. This is where Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) authentication and VSAs are enabled. Click the Authentication tab and clear the Microsoft Encrypted Authentication check boxes. Select the Encrypted authentication (CHAP) and Unencrypted authentication (PAP, SPAP) check boxes.