Hello everyone,
I'm hoping someone can give me some assistance on a task I'm trying to accomplish with remote access VPN on an ASA5510. I am looking to configure remote VPN for 2 of our business partners. Each partner will need access to varying locations on our internal LAN. I have created the config necessary for each partner to connect and have tested successfully. I have created separate connection profiles, both passing authentication to a RADIUS server of ours. I have placed each on their own subnet and created firewall rules restricting each network down to only the servers they should have access to. I have also used group URLs as part of the AnyConnect connection profiles and specified "remote.mycompany.com/partner1" and "remote.mycompany.com/partner2". The one piece I can't seem to get my mind around is what is preventing someone who works for Partner1 from entering "remote.mycompany.com/partner2" in their AnyConnect client and connecting with that profile? I have tested this and am able to do this. Would this be a function that RADIUS would have to provide? Create separate groups for each partner? Also, would the ASA support this feature?
Any help would be greatly appreciated.
Brian