I am hosting two different customer enviroments behind an ASA. I have two seperate connection profiles and two seperate usernames that are local to the ASA. How can I configure a username to only be able to connecto to one of the connection profiles?
In ASDM go to configuration > Remote Access VPN > AAA/Local Users > Local Users and select the uuser you want to modify. Choose Edit and in the window that appears, deselect the "Connection Profile (Tunnel Group) Lock" Inherit checkbox. (The default behavior is to inherit "unlocked" from the DefaultRA or WebVPN Profile for client-based (AnyConnect) and clientless SSL VPN respectively.). Then choose the profile you want to the user to be required to use. Click OK when finished, Apply and Save.
(edit - or like Chris posted for the cli mode equivalent)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...