I have my ASA5510 configured to authenticate VPN clients against an internal Win2003 IAS server. This works fine - users authenticate and can reach inside network. I have the ASA configured to allow HTTPS/ASDM access from the same inside net the users connect to - this is by necessity at this time, but I know not a good practice. The VPN clients once authenticated/connected to inside net can now https://ASA_Inside_Interface and authenticate with same credentials.
How do I prevent this?
Thx,
Phil