I am trying to migrate all my VPNs from PIX to Concentrator. What I am planning to have is users connect to the 3000 box via a Windows Workstation L2TP tunnel, and they should be part of a VLAN which is behind the VPN Concentrator. For example, User A dials in and uses "Technical" as the group name, and he should be made part of the VLAN "Technical" created on the switch. Is this possible?
You can't assign a specific user to a specific VLAN while connecting to the concentrator. On the other hand, you can push split tunneling policies, in which you can allow specific users connecting to specific groups to reach certain network(s) behind your concentrator.
Split tunneling lets an IPSec client conditionally direct packets over an IPSec tunnel in encrypted form, or to a network interface in cleartext form. Packets not bound for destinations on the other side of the IPSec tunnel do not have to be encrypted, sent across the tunnel, decrypted, and then routed to a final destination. Split tunneling thus eases the processing load, simplifies traffic management, and speeds up untunneled traffic.
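The per-group network lists described above can be modelled and checked before they are pushed. The following is an added example, not part of the original answer and not Concentrator configuration: it reproduces the client's tunnel-or-cleartext decision for a destination and reports prefixes that two groups share. The group names, prefixes and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample policy: group name -> networks reachable through the tunnel.
# Group names and prefixes are hypothetical, not taken from the thread.
GROUP_NETWORK_LISTS = {
    "Technical": ["10.10.20.0/24", "10.10.99.0/28"],
    "Sales": ["10.10.30.0/24", "10.10.99.0/28"],
}


def parse_policy(policy):
    """Convert prefix strings to ip_network objects, rejecting malformed input."""
    return {
        group: [ipaddress.ip_network(p, strict=True) for p in prefixes]
        for group, prefixes in policy.items()
    }


def route_for(policy, group, destination):
    """Return 'tunnel' if the destination is on the group's network list,
    otherwise 'cleartext' (sent out the local interface, unencrypted)."""
    if group not in policy:
        raise KeyError(f"unknown group: {group}")
    dest = ipaddress.ip_address(destination)
    return "tunnel" if any(dest in net for net in policy[group]) else "cleartext"


def shared_networks(policy, group_a, group_b):
    """List prefixes reachable by both groups, i.e. where the per-group
    separation the network lists are meant to provide does not hold."""
    shared = []
    for a in policy[group_a]:
        for b in policy[group_b]:
            if a.overlaps(b):
                # Report the more specific prefix of the overlapping pair.
                shared.append(a if a.prefixlen >= b.prefixlen else b)
    return sorted(set(shared))


POLICY = parse_policy(GROUP_NETWORK_LISTS)

if __name__ == "__main__":
    for group, dst in [("Technical", "10.10.20.7"), ("Technical", "10.10.30.7"),
                       ("Sales", "10.10.30.7"), ("Sales", "198.51.100.4")]:
        print(f"{group:10s} -> {dst:14s} {route_for(POLICY, group, dst)}")
    print("shared:", [str(n) for n in shared_networks(POLICY, "Technical", "Sales")])
```

A non-empty result from `shared_networks` marks a prefix to review if the groups are meant to be kept apart, since the network list is standing in for the VLAN separation the question asked about.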