cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
553
Views
10
Helpful
2
Replies

ASA VPN Group Restriction

lxcollin1
Level 1
Level 1

Hello,

Design question: I have multiple customers that will be VPNing (RA) into a single ASA. I would like to restrict their network access to a single vlan (subnet) on the ASA. Is this possible? I know it can be done w/ downloadable ACLs w/ ACS, but this is not an option right now.

Thanks!!

-Lee

2 Replies 2

mpalardy
Level 3
Level 3

Hey Lee,

Instead of using dnld ACL's, I think you could use different ip-local-pool on the ASA for each group defined. Then you'll need to apply the according access-list's to the config.

HTH

Mike

jackko
Level 7
Level 7

a group policy with a vpn filter may be configured on asa in order to restrict the access.

further, a vpn filter can be applied on individual user.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: