Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5500 IPSEC-ra VPN Question

We are a small company running an ASA 5505 and up until today, we've had about 10 mobile VPN users connecting from wherever they can get wireless access. Today we setup a seperate group tunnel for a development team that will also need access to the VPN. There are only a few with the company that need access and they do not want to setup a lan2lan vpn. We created IPSEC-ra accounts for these users but now we want to make sure they only access our VPN from their location which has a static IP. No programmers should be accessing the network from home or any other remote location. Is it possible to setup a configuration where the mobile users can connect from any source IP however the developers are teathered to one?


Re: ASA 5500 IPSEC-ra VPN Question

I don't think that's possible. The intention of a Remote Access VPN is that it can be initiated from virtually anywhere in the world without having to configure a group or crypto map for every possible ip-address.

You can restrict the times when the development team may connect to the ASA, but that doesn't prohibit them from making a connection when their not present at their own location.

I think it's better to place a VPN-device on the location of the development team so that you can be sure that they won't connect from a different location.

Please rate if the post is usefull!



CreatePlease login to create content