Hi All,
Apologies if this has been answered, but I've not found anything relevant in a search of the forums.
Been testing ASG for the past 24 hours now and I'm very impressed with its capabilities so far. I was really looking for something to support the 4 main VPN protocols to provide remote access capabilities for our staff and was about to have one of our Linux gurus pull something together with complex configuration files and sleepless nights doing it... until I found this.
My only concern so far, however:
Is there a way to limit access to network resources via the VPN based on the user's group membership, or alternatively to assign users to specific VPN address pools based on their login/group membership to enable us to restrict access to certain network resources?
As an example, I would like VPN connections from the "Noc Admins" group to have full unrestricted access to the whole of the network, while "General Staff" should only have access to backoffice applications (and internet, for both, of course..)
I can certainly make such restrictions globally with a combination of the PF and Masquerading rules, but can't find a way to do this on a per-user or per-usergroup basis.
Can do it for HTTP traffic only if using the web content proxy/filtering policies, but not for all IP traffic on the VPN that I can see -- unless I'm missing something.
We don't *really* want to have to put separate boxes in separate VLANs for each group... not really practical.
Thanks in advance for any suggestions.
Leland