I am using Cisco ASA firewalls. I would like to use Cisco AnyConnect VPN and direct some Active Directory users to be able to connect only to specific computers inside the network. Other users need unrestricted access. Looking for thoughts on how to design this.
I could create VPN groups on the firewall that have access rules allowing only a single IP and even port to be connected, but all three firewalls would need to be manually updated with usernames and passwords. Additionally, when connecting, the user would have to select the VPN group name.
I could create an Active Directory user with limited access to specific servers. RADIUS is already in place. But restrictions in Active Directory seem to end at the machine level. I would like these users to only be able to access port 80. (RDP is open for maintenance as well as the usual Windows ports.)
Got any creative ideas?
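The two options in the post (a per-group ACL that allows a single host and port, and RADIUS-backed AD authentication) can be combined on the ASA so that the group policy is chosen by the RADIUS server rather than by the user. The configuration below is an added illustration, not from the original post or from Cisco documentation; the host address 10.10.20.50, the RADIUS server 10.10.10.5, the names GP_RESTRICTED, GP_FULL, AD_RADIUS and ANYCONNECT, and the shared-secret placeholder are all assumptions. It relies on the ASA honouring the IETF RADIUS Class attribute (attribute 25, value "OU=<group-policy-name>;") as the group-policy name, which is standard ASA behaviour; the RADIUS server (e.g. NPS) must be configured to return that attribute for members of the unrestricted AD group.

```cisco
! Constructed example: restrict tunnelled traffic to TCP/80 on one web server.
! For a vpn-filter ACL the client address is the source and the internal resource is the destination.
access-list VPN_RESTRICTED_ACL extended permit tcp any host 10.10.20.50 eq 80
access-list VPN_RESTRICTED_ACL extended deny ip any any log

! Restricted policy: the vpn-filter applies the ACL to everything the client sends through the tunnel,
! and group-lock stops a user from picking a different connection profile to escape it.
group-policy GP_RESTRICTED internal
group-policy GP_RESTRICTED attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
 vpn-filter value VPN_RESTRICTED_ACL
 group-lock value ANYCONNECT

! Unrestricted policy for the remaining users (no vpn-filter, normal interface ACLs still apply).
group-policy GP_FULL internal
group-policy GP_FULL attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall

! RADIUS server group pointing at the existing RADIUS/AD infrastructure (hypothetical address).
aaa-server AD_RADIUS protocol radius
aaa-server AD_RADIUS (inside) host 10.10.10.5
 key <RADIUS-SHARED-SECRET>

! A single connection profile for everyone, so users never choose a group name.
! The default is the RESTRICTED policy: the RADIUS server must return
! Class = "OU=GP_FULL;" for members of the unrestricted AD group, so a missing or
! mis-configured attribute fails closed (least privilege) instead of granting full access.
tunnel-group ANYCONNECT type remote-access
tunnel-group ANYCONNECT general-attributes
 authentication-server-group AD_RADIUS
 default-group-policy GP_RESTRICTED
tunnel-group ANYCONNECT webvpn-attributes
 group-alias Corporate enable
```

Because the policy selection lives in the RADIUS server, moving a user between restricted and unrestricted access is an AD group change rather than an edit on all three firewalls; the ASA configuration itself stays identical on each box. After connecting, `show vpn-sessiondb anyconnect filter name <user>` displays which group policy and vpn-filter the session received, which is the check to run when verifying the mapping, and the `log` keyword on the final deny line produces syslog entries for any attempt by a restricted user to reach anything other than port 80 on the permitted host.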