https://community.cisco.com/t5/network-access-control/locking-down-users-access/m-p/1213788#M350238 <HTML><HEAD></HEAD><BODY><P>You might want to take a look at Dynamic Access Policies, it allows you to make control more granular based on network lists:</P><P></P><P><A class="jive-link-custom" href="https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml" target="_blank">https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml</A></P></BODY></HTML> Mon, 16 Feb 2009 15:24:03 GMT Ivan Martinon 2009-02-16T15:24:03Z https://community.cisco.com/t5/network-access-control/locking-down-users-access/m-p/1213787#M350237 <P>Hi</P><P></P><P>I'm using Windows 2003 IAS to do authentication for my ASA ver 8.0.4.</P><P></P><P>On the ASA I use group policy's and vpn-filter along with access-lists to control the access that IPSEC VPN users have. The access-list allows access to a common pool of servers that all need access to and deny's access to the rest of the network.</P><P></P><P>I have a bunch of users that when on the VPN they need RDP access to their PC. Up to this point I have been just adding a new permit line to the access-list that's attached to vpn-filter. This has worked however it also allows UserA access to UserB and UserC's PC. This is quickly growing into swiss cheese with all the holes. </P><P></P><P>I'm looking for a way to give access to UserA to her PC but not UserB and UserC's PC and also allow all users access to the common server pool. </P><P></P><P>Any ideas ? Thanks Much!</P><P></P><P></P><P></P> Sun, 10 Mar 2019 23:20:23 GMT https://community.cisco.com/t5/network-access-control/locking-down-users-access/m-p/1213787#M350237 Tim Glen 2019-03-10T23:20:23Z https://community.cisco.com/t5/network-access-control/locking-down-users-access/m-p/1213788#M350238 <HTML><HEAD></HEAD><BODY><P>You might want to take a look at Dynamic Access Policies, it allows you to make control more granular based on network lists:</P><P></P><P><A class="jive-link-custom" href="https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml" target="_blank">https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml</A></P></BODY></HTML> Mon, 16 Feb 2009 15:24:03 GMT https://community.cisco.com/t5/network-access-control/locking-down-users-access/m-p/1213788#M350238 Ivan Martinon 2009-02-16T15:24:03Z