Hi Team,
Is it possible to have the ASA configured for two different dial-in VPN
access policies as follows:
- First group of remote dial-in VPN users are Active Directory
authenticated and restricted with a private certificate
- Second group of remote dial-in VPN users are Active Directory
authenticated and restricted based on their source real IP address
What may be the options for implementation, and would this require the two
groups of users to dial into two different external ASA IP addresses?
The story behind this is that the customer has implemented a private
certificate as part of remote dial-in VPN access authentication. Some of
their remote users are not happy with this option, as it restricts
remote access to the specific PC or laptop where the certificate is installed.
However, they need the flexibility of connecting from any PC within their remote
small office/home, where they connect through a gateway with a fixed real IP
address. So for this group of users they need to implement another policy
where they can have access restriction based on their source real IP
address. Other users who are already happy with the private certificate will
stay the same.
Cheers
Mahmoud
CCIE#23690
Received on Tue Jun 12 2012 - 11:31:03 ART