04-06-2011 03:53 AM
Hello folks
can i have 2 pools each with diifferent subnet
let say pool-1 (172.16.30.0/24)
pool-2 (172.16.31.0/24) i wanna put restricution on remote vpn users having address from pool-2,and just give them access to 172.16.10.0/24,
is it possible on the asa 5510?is so how u do it?
thanks for any help
04-06-2011 04:40 AM
For the same remote access vpn you can't but you could create a second remote access vpn named differently and use the new pool. That way users can select which vpn they could use
Sent from Cisco Technical Support iPhone App
04-06-2011 10:59 AM
Hi
1)How you configure second vpn with second pool
2)what about the restriction on the 2nd pool, i want second pool to access specific address
3)we have acs can we create these 10 users on acs an perform downoable access-list
04-06-2011 03:54 PM
You could use the DAP for this or if you are going to create a new VPN group for this, you could also inside the group policy create a filter list and only allow the systems you want the users to access.
Sent from Cisco Technical Support iPhone App
04-06-2011 10:54 PM
hi
can u tell me how?
04-07-2011 07:11 PM
create another ip local pool for VPN users
then create a new group-policy that references this new address pool..
then create a new tunnel-group that uses the group policy as the default group policy.
You can then put all your regular normal stuff under the new group policy such as authentication, dns and domain information or if you put anything else under the policies.
Don't forget to add it to the nonat lists as well.
04-07-2011 08:41 PM
Just create separate tunnel-groups/group-policies, have the group policy reference the separate IPpools, impose vpn-filters on group policy you want to restrict.
Or an even easier solution would be to simply use a single IP pool, assign a framed IP address to users, and set up VPN filters to filter that specific framed IP address.
04-14-2011 11:57 AM
hi Patrick
how to configure the below,Please provide configuration exaple for that
Or an even easier solution would be to simply use a single IP pool, assign a framed IP address to users, and set up VPN filters to filter that specific framed IP address.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide