I've got an ASA 5520 8.0(3) setup with two RA VPN groups - a "normal" user VPN group and an "Admin" user VPN group. With the Cisco VPN client, it's fairly easy to ensure only admin folks get the Admin PCF file. However, I recently set up SSL VPN as well (using the same groups). I've set the SSL URLs such that a user going to https://site.company.com goes to the normal user VPN... and a user going to https://site.company.com/Admin uses the Admin profile. This all works, but there is nothing stopping a regular user from hitting the /Admin site if they somehow learn about it. I want to make sure that the /Admin tunnel can only be accessed by users in a specific AD group. Currently, to connect to the VPN, all users (normal and admin) have to be a member of the "VPN Users" group. How can I permit/deny access to a certain tunnel group based on AD group with RADIUS (IAS Win 2003)?