We are a small company running an ASA 5505 and up until today, we've had about 10 mobile VPN users connecting from wherever they can get wireless access. Today we setup a seperate group tunnel for a development team that will also need access to the VPN. There are only a few with the company that need access and they do not want to setup a lan2lan vpn. We created IPSEC-ra accounts for these users but now we want to make sure they only access our VPN from their location which has a static IP. No programmers should be accessing the network from home or any other remote location. Is it possible to setup a configuration where the mobile users can connect from any source IP however the developers are teathered to one?
I don't think that's possible. The intention of a Remote Access VPN is that it can be initiated from virtually anywhere in the world without having to configure a group or crypto map for every possible ip-address.
You can restrict the times when the development team may connect to the ASA, but that doesn't prohibit them from making a connection when their not present at their own location.
I think it's better to place a VPN-device on the location of the development team so that you can be sure that they won't connect from a different location.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :