06-27-2018 06:21 AM - edited 03-12-2019 05:24 AM
Hi,
I have an ASA with 1 outside interface with a private IP. This interface is connected to an external firewall, and there is an LB above that firewall.
The LB is doing DNS services and somehow NATing. There are also 2 types of users.
User A will be using URL-A, which is handled by the LB and mapped to the public IP-A, and this public IP-A is NATed to the outside interface of the ASA.
User B will be using URL-B, which is handled by the LB and mapped to the public IP-B, and this public IP-B is NATed to the outside interface of the ASA.
Is it possible? How to segregate logically in the ASA the 2 types of users?
Thanks
06-27-2018 08:35 AM
On the firewall you can create 2 different connection profiles for each group of users.
From there it just depends on the authentication that you use on the firewall for the RA-VPNs (Local, AAA, Cert). You would have to separate each user into their correct group, either with a local user account with the correct group policy on the firewall, or a proper policy from your AAA server or cert information.
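An added illustration of the two-connection-profile layout described in the reply above; it is not configuration posted by anyone in this thread. It assumes AnyConnect SSL remote access with local authentication is already enabled on the outside interface, and that the hostname the client dialed reaches the ASA unchanged through the LB and NAT so that group-url can select the profile. All names, hostnames, addresses and ACLs are constructed placeholders.

```cisco
! Constructed placeholders throughout: PROFILE-*, GP-USERS-*, POOL-*, ACL-USERS-*,
! usera/userb, *.example.com and all addresses. Adjust to the real environment.
ip local pool POOL-A 10.10.1.1-10.10.1.254 mask 255.255.255.0
ip local pool POOL-B 10.10.2.1-10.10.2.254 mask 255.255.255.0
!
! vpn-filter ACLs: source is the VPN client pool, destination is the inside resource
access-list ACL-USERS-A extended permit ip 10.10.1.0 255.255.255.0 10.20.1.0 255.255.255.0
access-list ACL-USERS-B extended permit ip 10.10.2.0 255.255.255.0 10.20.2.0 255.255.255.0
!
! One group policy per user type: separate pool, separate filter,
! and group-lock so the policy is only usable through its own profile
group-policy GP-USERS-A internal
group-policy GP-USERS-A attributes
 vpn-tunnel-protocol ssl-client
 address-pools value POOL-A
 vpn-filter value ACL-USERS-A
 group-lock value PROFILE-A
group-policy GP-USERS-B internal
group-policy GP-USERS-B attributes
 vpn-tunnel-protocol ssl-client
 address-pools value POOL-B
 vpn-filter value ACL-USERS-B
 group-lock value PROFILE-B
!
! One connection profile (tunnel-group) per URL
tunnel-group PROFILE-A type remote-access
tunnel-group PROFILE-A general-attributes
 default-group-policy GP-USERS-A
tunnel-group PROFILE-A webvpn-attributes
 group-url https://url-a.example.com enable
tunnel-group PROFILE-B type remote-access
tunnel-group PROFILE-B general-attributes
 default-group-policy GP-USERS-B
tunnel-group PROFILE-B webvpn-attributes
 group-url https://url-b.example.com enable
!
! Local accounts pinned to their group policy (password is a placeholder)
username usera password <PLACEHOLDER-A>
username usera attributes
 vpn-group-policy GP-USERS-A
username userb password <PLACEHOLDER-B>
username userb attributes
 vpn-group-policy GP-USERS-B
```

With group-lock set, a user A account that tries to log in through PROFILE-B is rejected, so the separation does not depend on which public IP or URL the user happened to reach.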
06-27-2018 10:58 PM
Hi Ben,
Thanks for the feedback and noted on your suggestion.
But is the design going to work when the LB is controlling the public-to-private IP mapping to my outside interface? 2 public IPs are NATed to 1 private IP. What I mean is, if a user connects to publicA, the LB will direct it to the outside IP, or if a user connects to publicB, the LB will direct it to the outside IP also.
Thanks