You can definitely use a username/password pair for each user through an ACS server. Once any user connects to the network, the VPN device forwards the requests to the ACS server and checks the user credentials. Once authenticated, they get access to the network...
You can use the VPN Monitor of the Cisco VMS package to track the VPN sessions. It gives you a very good history of the VPN users connected... I am really not sure if ACS can do MAC authentication for dial-in users...
Well, right now I set the customer up to use a different VPN group for each user. This allows them to use the PDM and monitor each tunnel to see if the user is on the network or not. What they would really like is to lock each VPN group to a specific MAC address. So, for example, salesperson A can only use VPN group SalesA and can only use their laptop to access the SalesA VPN group. And/or a way to trap or log the MAC address that is used by the user to access the network, and log a history of when users were on the network. So what the customer is looking for is:
1. A log of what MAC addresses and IP addresses are used to access the network.
2. A history (preferably a graphic history) of when the users are on the network.
Can anyone see a possible way to do this? Does Cisco have a MIB for the VPN tunnels that can be accessed with MRTG, net monitor, or another SNMP program that provides a graphic history?
Can I use a MAC access list on a VPN group to lock the users to the company-provided laptops?