I have a Cisco 2621 router as the VPN server and I want to control access somehow. I have been told that I can link a username to a group and then to an IP pool, but I can't seem to find how to do that.
Sadly, I can't use most of that because I can't set it up for the Cisco Client software; the people that are going to be VPNing only want to use the Windows client.
I was thinking about making subinterfaces out of the outbound Ethernet port and assigning different pools to different public IPs. The only problem with this is that I don't know how the building has set up the switch that I am connecting to; it may not be able to allow subinterfaces out. Or would it even matter?
Is there an AAA server available, such as the Cisco ACS, Microsoft ISA, or other RADIUS server? The AAA server can be used to validate VPDN (i.e. PPTP, L2TP) as well as IPSec VPN connections. It is the authorization part of AAA that allows the restrictions that you are looking for.
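
One way the username-to-pool mapping could look with RADIUS authorization and the built-in Windows PPTP client. This is an added sketch, not configuration posted by anyone in the thread. The server address, pool names, address ranges and interface name are placeholders, and it assumes an IOS image on the 2621 that supports PPTP/MPPE.

```cisco
! Added example: all addresses, names and the key are placeholders.
aaa new-model
! Authenticate PPP users and fetch their per-user attributes from RADIUS
aaa authentication ppp default group radius
aaa authorization network default group radius
!
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! One pool per access level; the pool a user lands in is chosen by RADIUS
ip local pool STAFF 10.99.1.1 10.99.1.50
ip local pool CONTRACTORS 10.99.2.1 10.99.2.50
!
vpdn enable
vpdn-group PPTP-IN
 accept-dialin
  protocol pptp
  virtual-template 1
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ! Default to the most restricted pool, so a user whose RADIUS profile
 ! carries no addr-pool attribute does not end up in the STAFF range
 peer default ip address pool CONTRACTORS
 ppp authentication ms-chap-v2
 ! The RADIUS server must return the MS-CHAP MPPE keys for this to work
 ppp encrypt mppe 128 required
!
! RADIUS reply attributes for a staff user (Cisco AV pairs):
!   Service-Type    = Framed
!   Framed-Protocol = PPP
!   cisco-avpair    = "ip:addr-pool=STAFF"
!   cisco-avpair    = "ip:inacl#1=permit ip any 10.10.0.0 0.0.255.255"
! The inacl line is optional and installs a per-user inbound filter.
```

Because each pool is a distinct source range, ordinary ACLs on the inside interface can also restrict what each group reaches, without subinterfaces on the outside port.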