ASA5520vpn

pskipton01, Level 1

So with an ASA 5520 VPN I have 3 or more VPNs coming in on separate subnets; however, the users can log into any of them??? Even though it does not set up the proper IP range and they can't do anything, this bothers me. Any suggestions?

Accepted Solution:

Yup, you can use the group-lock feature.

5 Replies

Jitendriya Athavale, Cisco Employee

Could you please explain the problem a little more?

What exactly do you mean by "they can log in to any of them"?

Do you mean that they can access any resource over any VPN???

OK. If they have a username and password for VPN1 they can get logged on and use the resources in the subnet belonging to that, and their connection profile seems to work fine.

If they use the connection VPN2 but are not in the connection profile for VPN2, they can still use the same username and password for profile VPN1. They have no access to the resources, but they can get the connection no problem.

What it seems to do is give the IP from the connection pool for the username that logs on, so they are on the wrong subnet when they connect to a VPN that they have no profile on. I am not sure, but if they went into their networking and manually changed their IP to one on the VLAN they don't have a profile on, I think they would be able to get at the resources.

Will it be possible for you to paste the VPN config?

Seems like I have found the problem. Lock the user to the VPN group and it stops them from getting into any other VPN tunnel.

Yup, you can use the group-lock feature.
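The accepted fix, as an added configuration example that is not the original poster's or Cisco's own config. The tunnel-group names (VPN1, VPN2), group-policy names (VPN1-GP, VPN2-GP), pool names and address ranges, and the user "alice" are all assumptions; the placeholder password is not a real one. The first half reproduces the situation described in the thread (a user-specific group policy with no lock, so a VPN1 user who connects through tunnel-group VPN2 still authenticates and is handed VPN1's pool); the second half adds the group-lock attribute that makes the ASA reject that login at authentication time:

```text
! Added example, not the poster's configuration. All names, ranges and the
! password are assumptions/placeholders.

! --- Before: two remote-access tunnel-groups, each with its own pool. alice's
! credentials are valid in the local database regardless of which tunnel-group
! she connects through, and her username attribute pins her to VPN1-GP, so a
! login via tunnel-group VPN2 succeeds and still hands out a VPN1-POOL address.
ip local pool VPN1-POOL 10.10.1.100-10.10.1.199 mask 255.255.255.0
ip local pool VPN2-POOL 10.10.2.100-10.10.2.199 mask 255.255.255.0

group-policy VPN1-GP internal
group-policy VPN1-GP attributes
 address-pools value VPN1-POOL
group-policy VPN2-GP internal
group-policy VPN2-GP attributes
 address-pools value VPN2-POOL

tunnel-group VPN1 type remote-access
tunnel-group VPN1 general-attributes
 default-group-policy VPN1-GP
tunnel-group VPN2 type remote-access
tunnel-group VPN2 general-attributes
 default-group-policy VPN2-GP

username alice password PLACEHOLDER-change-me
username alice attributes
 vpn-group-policy VPN1-GP

! --- After: group-lock ties the user to the tunnel-group they are allowed to
! use. When the tunnel-group the client actually connected through does not
! match the locked value, the ASA rejects the authentication instead of
! building a tunnel on the wrong pool.
!
! Option 1: set it in the group policy, so every user who inherits VPN1-GP
! (or VPN2-GP) is locked to the matching tunnel-group.
group-policy VPN1-GP attributes
 group-lock value VPN1
group-policy VPN2-GP attributes
 group-lock value VPN2

! Option 2: set it per user; a username attribute overrides the group-policy
! value for that user.
username alice attributes
 group-lock value VPN1
```

After applying it, have a VPN1 user try the VPN2 connection entry: the login should now fail rather than connect with an unusable address. Confirm with `show running-config group-policy VPN1-GP` (the `group-lock value VPN1` line should be present) and `show vpn-sessiondb remote`, which should list each connected user under the tunnel-group they are locked to. The lock only helps if the users are actually tied to a group policy or username attribute that carries it; a user who gets the tunnel-group's default-group-policy with no lock configured is still free to use any tunnel-group whose pre-shared key they know.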
