We have a PIX firewall providing a LAN-to-LAN VPN to an IOS router. We want to incorporate VPN Client 3.x terminating on the firewall with extended authentication using RADIUS/TACACS+. We also want to be able to limit the hosts/subnets accessed by VPN Clients based on their user login credentials.

I know the PIX will support XAUTH for the VPN clients, but will it support user-based ACLs that restrict access for the VPN Clients? If so, would I need to use Cisco ACS to do so?