ASA 5520 Client VPN

I have an ASA 5520 VPN client configured and working fine with RADIUS authentication against an AD server and DHCP on the ASA for the VPN clients. I have 6 users that I need to have access to certain servers, and nobody else but them.
I tried creating a test user on the local ASA, assigned him a static IP, and tried to make the VPN authentication mixed RADIUS and LOCAL, but with no luck: it didn't work for the local user, only for AD users!
The VPN pool range is 192.168.6.128 – 192.168.6.250. All I need is to have a range of 6 IPs, 192.168.6.2 – 192.168.6.7, outside of that VPN range, assigned to those specific users so I can grant them access to the servers on the internal network. How do I do that? Your help is really appreciated.
Part of the config for VPN client is here:
   
enable Outside
group-policy DfltGrpPolicy attributes
 dns-server value 192.168.16.22 192.168.8.16
 vpn-tunnel-protocol IPSec svc webvpn
 group-lock value DefaultWEBVPNGroup
 address-pools value NNNVPNPool2
group-policy NNNVPNTUNNEL internal
group-policy NNNVPNTUNNEL attributes
 wins-server value 192.168.16.20
 dns-server value 192.168.16.22 192.168.8.16
 vpn-tunnel-protocol webvpn
 default-domain value ******
username XXXX password ********** encrypted privilege 15
username test password ********** encrypted privilege 15
username test attributes
 vpn-group-policy NNNVPNTUNNEL
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (Outside) RADIUS LOCAL
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool (Inside) NNNVPNPool
 address-pool NNNVPNPool2
 authentication-server-group RADIUS LOCAL
 authentication-server-group (Outside) RADIUS LOCAL
tunnel-group DefaultWEBVPNGroup ipsec-attributes
 pre-shared-key ***********
tunnel-group NNNVPNTUNNEL type remote-access
tunnel-group NNNVPNTUNNEL general-attributes
 address-pool NNNVPNPool2
 authentication-server-group RADIUS LOCAL
 default-group-policy NNNVPNTUNNEL
tunnel-group NNNVPNTUNNEL ipsec-attributes
 pre-shared-key **********
modathir asked:
GuruChiu commented:
You didn't list the details of NNNVPNPool2. I assume it defines 192.168.6.128 – 192.168.6.250.

All you need to do is define NNNVPNPool3, which defines 192.168.6.2 – 192.168.6.7.

Create a new group policy that uses the authentication method you want (LOCAL?) and assign it to use NNNVPNPool3.

Finally, create an ACL or other policy to define what 192.168.6.2 – 192.168.6.7 can access.
Question has a verified solution.
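
The steps in the answer above, written out as ASA configuration. This is an added example, not part of the original thread. NNNVPNPool3 and NNNVPNTUNNEL come from the thread; the names NNNRESTRICTED, RESTRICTED_FILTER, GENERAL_FILTER and vpnuser1, and the server address 192.0.2.10, are placeholders, and pool masks are left out because the thread does not give them.

```cisco
! 1. Dedicated pool for the six users (range taken from the question).
ip local pool NNNVPNPool3 192.168.6.2-192.168.6.7

! 2. Filter for the restricted group. 192.168.6.0/29 covers .2 - .7.
!    In a vpn-filter ACL the VPN client is the source and the inside
!    host is the destination. The implicit deny at the end limits
!    these users to the listed servers only.
!    192.0.2.10 is a placeholder for one protected server.
access-list RESTRICTED_FILTER extended permit ip 192.168.6.0 255.255.255.248 host 192.0.2.10

! 3. Group policy that hands out the new pool and applies the filter.
group-policy NNNRESTRICTED internal
group-policy NNNRESTRICTED attributes
 vpn-tunnel-protocol IPSec svc webvpn
 address-pools value NNNVPNPool3
 vpn-filter value RESTRICTED_FILTER

! 4. Connection profile for the six users. The authentication server
!    group is set here, on the tunnel-group.
tunnel-group NNNRESTRICTED type remote-access
tunnel-group NNNRESTRICTED general-attributes
 address-pool NNNVPNPool3
 authentication-server-group LOCAL
 default-group-policy NNNRESTRICTED
tunnel-group NNNRESTRICTED ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>

! 5. One local account per user, pinned to the restricted profile so
!    it cannot connect through the general one. Repeat for each user.
username vpnuser1 password <PLACEHOLDER-PASSWORD>
username vpnuser1 attributes
 vpn-group-policy NNNRESTRICTED
 group-lock value NNNRESTRICTED

! 6. "Nobody else but them": the filter above restricts only the six
!    users. Clients from the general pool (192.168.6.128 - .250, inside
!    192.168.6.128/25) still reach the servers unless they are denied.
!    Assumption: general users keep all their other access.
access-list GENERAL_FILTER extended deny ip 192.168.6.128 255.255.255.128 host 192.0.2.10
access-list GENERAL_FILTER extended permit ip 192.168.6.128 255.255.255.128 any
group-policy NNNVPNTUNNEL attributes
 vpn-filter value GENERAL_FILTER
```

A changed vpn-filter applies to new sessions, so reconnect a test client from each group and confirm the assigned address and filter with `show vpn-sessiondb detail`.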