We have a Cisco VPN Concentrator 3015 working just fine using our Cisco ACS to authenticate clients VPNing into our network through broadband. We are in the process of outsourcing all our dial-up connections to another provider, requiring the user to then VPN into our network once dialed into the new ISP's network (I know, not a good way to provide speed).

What I need to do is use the VPN concentrator (or ACS) to restrict where the VPN users can go on the network (the two options are Internet, Email, internal applications OR just Internet). These restrictions are presently in place for our current dial-up users (into our network - that are going away) through an ACL on the 5200s. Since this step is being eliminated altogether (and the 5200s) through outsourcing the dial-up connections, can this be easily done on the concentrator once the user launches the VPN client to gain access to our network? I'm not authenticating anyone on the concentrator at this point, just using the ACS.

I certainly hope this makes some sense. Any suggestions are welcome!

Thanks,
Lisa Smith