Design question: I have multiple customers that will be VPNing (RA) into a single ASA. I would like to restrict their network access to a single vlan (subnet) on the ASA. Is this possible? I know it can be done w/ downloadable ACLs w/ ACS, but this is not an option right now.
Instead of using dnld ACL's, I think you could use different ip-local-pool on the ASA for each group defined. Then you'll need to apply the according access-list's to the config.
