06-16-2009 02:18 AM
my risk dept is looking at swine flu pandemic planning and is wondering if certain users can have connections prioritized over the general remote access population.
Reducing the IP pool allocated to the general user and allocating addresses from a fixed pool is an option but are there other options available. All users have the VPN client and connect to ASA 8.04
Thanks
07-08-2009 08:41 AM
I don't know if there is such feature. Anyway, once you have it, everybody will say their job is high priority. If there is a pandemic, everybody will be working remotely.
I think running out of IP in the pool is not a problem if it is designed properly. Most RA VPN problem is bandwidth and license (for SSL).
07-14-2009 06:47 AM
what is it that you are trying to achieve ?
that they get the bandwith ?
that they get a license ?
what are you/they afraid of running out of ?
if using radius authentication there are several things that you can do to limit a specific user. i do not however believe there are a prioritasion schedule that someone is more important than someone else.
how would it choose ?
if one who is prioritised tries to log in and the licensing is already full, who should it kick out ?
I can recomend checking out cryptocard for authentication purposes if you do not have 2 factor authentication for the users.
07-14-2009 07:37 AM
Hi Thanks for your reply.
The proposal is that there will be a group identified who should get connected at all times in preference to a "normal worker??" Its not a bandwidth issue. ACS Radius is used for the authentication. But as you say. how to prioritize? Its an effort to try to stop the manual kicking out process
07-15-2009 04:02 AM
I do not think there is a "real" way to actually do this. i came up with the same idea as you with the ip pools, but other than that it is only automated scripting I can tink of that logs on to the firewall and keeps one line open at all times.
and I would not want to kick users out with scripts.
the other option would be to buy the critical people another firewall or atleast another way in.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide