Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ASA 5520 Cient VPN

Posted on 2011-04-30
1
Medium Priority
?
619 Views
Last Modified: 2012-05-11
I have a ASA 5520 VPN client configured and working fine with RADIUS authentication AD server and DHCP on the ASA for the VPN client. I have 6 users that I need to have them access certain servers and nobody else but them.
I tried to creating a test user on the local ASA and assigned him static IP and tried to make the VPN authentication mixed RADUIS and LOCAL but with no luck didn't work for the local user only AD users!
The VPN pool rang is 192.168.6.128 – 192.168.6.250, all I need is to have range of 6 IPs 192.168.6.2 – 192.168.6.7 outide of that VPN range to be assigned to those specific users so I can grant them access to the severs on the internal network. How do I do that? Your help is really appreciated.
Part of the config for VPN client is here:
   
enable Outside
group-policy DfltGrpPolicy attributes
 dns-server value 192.168.16.22 192.168.8.16
 vpn-tunnel-protocol IPSec svc webvpn
 group-lock value DefaultWEBVPNGroup
 address-pools value NNNVPNPool2
group-policy NNNVPNTUNNEL internal
group-policy NNNVPNTUNNEL attributes
 wins-server value 192.168.16.20
 dns-server value 192.168.16.22 192.168.8.16
 vpn-tunnel-protocol webvpn
 default-domain value ******
username XXXX password ********** encrypted privilege 15
username test password ********** encrypted privilege 15
username test attributes
 vpn-group-policy NNNVPNTUNNEL
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (Outside) RADIUS LOCAL
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool (Inside) NNNVPNPool
 address-pool NNNVPNPool2
 authentication-server-group RADIUS LOCAL
 authentication-server-group (Outside) RADIUS LOCAL
tunnel-group DefaultWEBVPNGroup ipsec-attributes
 pre-shared-key ***********
tunnel-group NNNVPNTUNNEL type remote-access
tunnel-group NNNVPNTUNNEL general-attributes
 address-pool NNNVPNPool2
 authentication-server-group RADIUS LOCAL
 default-group-policy NNNVPNTUNNEL
tunnel-group NNNVPNTUNNEL ipsec-attributes
 pre-shared-key **********
0
Comment
Question by:modathir
1 Comment
 
LVL 13

Accepted Solution

by:
GuruChiu earned 2000 total points
ID: 35500730
You didn't list the details of NNNVPNPool2. I assume it defines 192.168.6.128 – 192.168.6.250.

All you need to do is define NNNVPNPool3, which defines 192.168.6.2 – 192.168.6.7.

Create a new group policy which use the authentication method you want (LOCAL?) and assign it to use NNNVPNPool3.

Finally create ACL or other policy to define what 192.168.6.2 – 192.168.6.7 can access.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question