06-28-2010 07:24 AM - edited 03-10-2019 05:13 PM
Good afternoon,
For remote VPN users, I would like to configure a dynamic VPN split tunnel depending on where they are connected.
For example, if a remote user is connected to the ASA from Italy, authenticated via an ACS RADIUS server, a split tunnel list will be applied allowing the user to access local resources; if the same user is connecting from Germany, apply a split tunnel list allowing the local resources for the Germany office...
Is it possible to achieve this? Any link or documentation related?
Thanks for your support
07-01-2010 12:53 AM
Hi there, sure you can do this.
If your user connects, you have to assign him a dACL and Shared RAC based on the Network Access Profile and the NAF for your locations.
EG:
Create a Network Access Filter for Germany with all your German ASAs, one for Italy with all your Italian ASAs, etc.
Create a "Germany" Shared RAC with the important German settings (DNS, WINS, etc.)
Create an "Italy" Shared RAC with the settings for Italy
Create a dACL (for each location)
Then go and create a Network Access Profile for Germany and one for Italy - apply the network filter and assign the dACL and sRAC under authorization.
Should work without problems
Maybe have a look here:
HTH
Cheers Michael
07-01-2010 06:13 AM
I am working with ACS appliance v5.1 for RADIUS authentication/authorization.
All clients are connecting to the same central ASA.
I have found End Station Filters under Policy Elements in ACS, where I think I can differentiate where the clients are located.
Does anybody know if end station filters refer to the client's network or to the ASA?
Thanks and best regards
Fran