PIX, ASA or VPN concentrator & dynamic VPN

johnleeee · ‎10-25-2008

Hi all,

I need help what to use and how to do next.

What we need is to create remote VPN for many users so that every user is member of more than one group and every group is linked to predefined set of rules, for instance you can access this IPs, ports and so on.

How to do that dynamically? Is it possible to do that with one certificate?

Other question is what to use? ..PIX, ASA, VPN concentrator ?

BR

jl

Farrukh Haroon · ‎10-25-2008

The PIX and VPNC are both end of sale products now and unless you already have them your only choice is IOS or ASA. Of those two the ASA is the Cisco preffered platform for Remote Access VPNs.

You can map users to groups using Active Directory OUs, let them select a group at logon, have different logon URLs per group etc. However as far as I know this is not possible:

"every user is member of more than one group "

Some links:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

With remote access IPSEC VPNs you can either define the groups on the ASA or externally on the ACS Server.

Pls. rate if helpful.

Regards

Farrukh