cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

304
Views
0
Helpful
1
Replies
Highlighted
Beginner

group Policy in IPSEC Remote VPN

Hi,

I have configured ASA 5510 With IPsec Remote VPN.With local database users(Users are created in ASA).

Internal network has 4 VLANS.

Need solution for below.

There are 25 Users created in ASA. where only 5 tp 6 users wants to grant access to Particualr IP and Subnets and rest of the users can access entire lan.

Is it possible to configure Group policy in ASA for IPsec Remote VPN.

Regards,

Raghu

1 REPLY 1
Mentor

Re: group Policy in IPSEC Remote VPN

Hi,

If you want to make different rules for different users and still have them use the same VPN Client profile/group, you can do it.

If you want specific configuration help you will need to provide me with information about the local networks (LAN and VPN Client) and what kind of access rules you want for the users etc.

Generally you can try the following approaches:

  • Configure each user which traffic you want to restrict with his/her own VPN IP address under the username configuration on the ASA
    • The user will always get the same IP address from the ASA when connecting with VPN Client and therefore you will know what the source address for his/her connections will be
  • When you have configured the IP addresses under the usernames, you can for example create an "object-group network " for them, add the mentioned IP addresses there and use that "object-group" for access rules for the VPN Client.
  • Rest of the VPN client usernames can be left to use the basic VPN Pool and in the access rules you can permit them to access anything behind the ASA.

As I said, the above is just the general approach you could take to easily limit access to some and permit all for others.

For more specific configuration I would need to see what the configuration looks like now.

- Jouni