I am not sure how you have configured the current VPN Client setup.
Do you have "tunnel-group" for each of these 6 networks?
I guess in that case you have a "group-policy" for each "tunnel-group" that either restricts the traffic through Split Tunnel setting or with the use of VPN Filter ACL (or both)?
And if you have "username" configured for all the users on the ASA itself then you could naturally use the "username attributes" configuration to move to the correct configuration mode and then use the "group-lock" parameter/command to lock the "username" in question only to a certain "tunnel-group".
You also have the ability to set that user's "vpn-group-policy" under the "username attributes" if you wish it to use something other than the one configured under "group-policy" that the "tunnel-group" uses.
I have used the "group-lock" command to lock users to a particular network, that's just what I wanted.
I do have one other question, however, not a showstopper. I have multiple VPN profiles so the user can select the one to use. I would like, if at all possible, to not have the dropdown list but assign the correct profile to the user name.
When I de-select the option "Allow users to select connection profile" it uses the "DefaultWebVPNGroup". The dropdown box with the VPN selections is now gone but my VPN logon now also fails.
I have tried several settings in the users properties but so far, no joy.
I've got to admit that I am a bit rusty on the VPN Client side.
In some of our environments we utilize the default RA (Remote Access) "tunnel-group" only and use a separate AAA server to return the correct group for the user based on their login information.
Now if we had to do this with just the ASA then I am not 100% sure how to set it up. I wonder if the solution would then be to remove all the non-default "tunnel-group" configurations related to the type of VPN you are using and simply use the default "tunnel-group" and assign each "username" a different "group-policy" based on their need?
In other words using only the default "tunnel-group" there would be nothing to choose from in the drop down menu but the "group-policy" attached to the "username" would define to which networks traffic would be tunneled and so on.
I guess this would still require you to configure an "address-pool" under the default "tunnel-group" or you would have to define each user's IP address under the "username attributes".
To view the default "tunnel-group" and "group-policy" configurations on the CLI of the ASA you would have to use these commands:
show run all tunnel-group
show run all group-policy
Do take note that these commands print out a lot more information/configurations than the usual "show run" variation. This is because the commands also show the default settings which aren't otherwise visible in the "show run" output.
Would really need to test this myself to be able to give you a 100% sure answer.
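The approach described in the reply above, written out as an added ASA configuration sketch (not configuration posted in the thread, and not tested against the poster's device). The names NET1-SPLIT, NET1-FILTER, NET1-GP, RA-POOL, the user "alice" and all addresses are constructed for illustration; an AnyConnect SSL client is assumed.

```cisco
! Constructed example: one protected network 10.1.0.0/24, client pool 10.99.0.0/24
! Split tunnel list: only this network is sent through the tunnel
access-list NET1-SPLIT standard permit 10.1.0.0 255.255.255.0
! VPN filter for remote access: client pool as source, inside network as destination
access-list NET1-FILTER extended permit ip 10.99.0.0 255.255.255.0 10.1.0.0 255.255.255.0
!
ip local pool RA-POOL 10.99.0.10-10.99.0.250 mask 255.255.255.0
!
! One group-policy per network; this is where the restriction lives
group-policy NET1-GP internal
group-policy NET1-GP attributes
 ! assumes AnyConnect SSL; adjust to the VPN type actually in use
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value NET1-SPLIT
 vpn-filter value NET1-FILTER
!
! Only the built-in default connection profile is used, so there is nothing
! to pick from a dropdown; it still needs an address pool
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool RA-POOL
!
! The user is tied to the policy, not to a selectable profile
username alice attributes
 vpn-group-policy NET1-GP
 service-type remote-access
! Variant from the first reply, if per-network tunnel-groups are kept
! (NET1-TG is a hypothetical tunnel-group name):
!  group-lock value NET1-TG
```

Because the split tunnel list only controls what the client routes into the tunnel, the vpn-filter ACL is what actually enforces the per-user restriction on the ASA side; after logon, "show vpn-sessiondb anyconnect" shows which group-policy and tunnel-group a session landed on.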
We have configured the outside and inside Interface with official IPv6 addresses, set a default route on outside Interface to our router, we also have defined a rule, which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...