I'm using Windows 2003 IAS to do authentication for my ASA ver 8.0.4.
On the ASA I use group policies and vpn-filter along with access-lists to control the access that IPSEC VPN users have. The access-list allows access to a common pool of servers that all need access to and denies access to the rest of the network.
I have a bunch of users who, when on the VPN, need RDP access to their PC. Up to this point I have been just adding a new permit line to the access-list that's attached to vpn-filter. This has worked; however, it also allows UserA access to UserB and UserC's PC. This is quickly growing into Swiss cheese with all the holes.
I'm looking for a way to give access to UserA to her PC but not UserB and UserC's PC and also allow all users access to the common server pool.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...