How to limit VPN access

Asked by Bill Herde
Tags: Cisco, Active Directory, VPN

I am using Cisco ASA firewalls. I would like to use Cisco AnyConnect VPN and direct some Active Directory users to be able to connect only to specific computers inside the network. Other users need unrestricted access. Looking for thoughts on how to design this.

I could create VPN groups on the firewall that have access rules allowing only a single IP and even port to be connected, but all three firewalls would need to be manually updated with usernames and passwords. Additionally, when connecting, the user would have to select the VPN group name.

I could create an Active Directory user with limited access to specific servers. RADIUS is already in place. But restrictions in Active Directory seem to end at the machine level. I would like these users to only be able to access port 80. (RDP is open for maintenance, as well as the usual Windows ports.)

Got any creative ideas?