07-22-2010 04:29 PM
So with an ASA 5520 VPN I have 3 or more VPNs coming in on separate subnets; however, the users can log into any of them??? Even though it does not set up the proper IP range and they can't do anything, this bothers me. Any suggestions?
07-22-2010 10:06 PM
Could you please explain the problem a little more?
What exactly do you mean by "they can log in to any of them"?
Do you mean that they can access any resource over any VPN?
07-23-2010 04:14 AM
OK, if they have a username and password for VPN1, they can get logged on and use the resources in the subnet belonging to that, and their connection profile seems to work fine.
If they use the connection VPN2 but are not in the connection profile for that VPN2, they can still use the same username and password for profile VPN1; they have no access to the resources, but they can get the connection no problem?
What it seems to do is give the IP from the connection pool for the username that logs on, so they are on the wrong subnet when they connect to a VPN that they have no profile on. I am not sure, but if they went into their networking and manually changed their IP to one on the VLAN they don't have a profile on, I think they would be able to get at the resources.
07-23-2010 05:10 AM
Will it be possible for you to paste the VPN config?
07-23-2010 06:05 AM
Seems like I have found the problem. Lock the user to the VPN group and it stops them from getting into any other VPN tunnel.
07-23-2010 06:30 AM
Yup, you can use the group-lock feature.
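Added example, not part of the thread: a small Python audit that reads ASA-style configuration text and reports which tunnel group each user is locked to via `group-lock value`, so accounts that can still authenticate through any connection profile stand out. The sample config, the policy names and the usernames are constructed; users with no `vpn-group-policy` (who inherit the tunnel group's default policy) are not modelled.

```python
import re

# Constructed sample config (not from the thread); all names are made up.
SAMPLE_CONFIG = """\
group-policy VPN1-GP attributes
 group-lock value VPN1
group-policy VPN2-GP attributes
 vpn-idle-timeout 30
username alice attributes
 vpn-group-policy VPN1-GP
username bob attributes
 vpn-group-policy VPN2-GP
username carol attributes
 vpn-group-policy VPN2-GP
 group-lock value VPN2
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level config line."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = line.strip()
            blocks.setdefault(current, [])
        elif current:
            blocks[current].append(line.strip())
    return blocks

def setting(lines, prefix):
    """Return the argument of the first sub-command starting with prefix."""
    for line in lines:
        if line.startswith(prefix + " "):
            return line[len(prefix) + 1:].strip()
    return None

def audit_group_lock(config):
    """Return {username: tunnel group the user is locked to, or None}."""
    blocks = parse_blocks(config)
    result = {}
    for header, lines in blocks.items():
        m = re.fullmatch(r"username (\S+) attributes", header)
        if m:
            policy = setting(lines, "vpn-group-policy")
            inherited = setting(blocks.get(f"group-policy {policy} attributes", []), "group-lock value")
            # A per-user group-lock overrides the one inherited from the group policy.
            result[m.group(1)] = setting(lines, "group-lock value") or inherited
    return result
```

In the sample, `bob` comes back as `None`: his policy carries no group-lock, which is the situation described in the thread.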