I'm trying to think, from a security perspective, about how to separate my departments from having shared resources via VPN. In our LAN environment, certain subnets block certain actions. However, our VPN pool has access to every resource everyone needs. So network operations vs. customer service now have the same routes available.
I noticed in our ASA I can assign LDAP attributes to ASA attributes. Is there a way I can say per OU department to specify what IP pool and route policy is sent to that device?
Ideally I'd put "The only thing allowed in/out of the VPN pool is RDP to your desktop," but a lot of groups are going laptop-only and they take those stations home with them, so we're like 5% remote worker and 95% on-net now. I've tried to search (maybe with the wrong keywords) for what this sort of thing would require. Any guidance would be appreciated!
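The standard way to do what the question asks on an ASA is an LDAP attribute map: the ASA reads an AD attribute from the authenticating user (usually `memberOf`, or `department` if you really want to key on the OU/department field rather than group membership) and maps its value onto the Cisco `Group-Policy` attribute. Each group-policy then carries its own address pool, split-tunnel list and `vpn-filter` ACL, so a user's department decides both which IP range they land in and which routes and ports they get. The configuration below is an added example written for this post, not the poster's configuration or Cisco's documentation; every name, DN, group, subnet and address in it is a constructed placeholder and should be replaced with your own.

```cisco
! ---- Map an AD attribute onto the ASA Group-Policy attribute ----
! memberOf is the usual choice; the alternative "department" mapping is
! shown commented out for sites that want to key on the AD OU/department field.
ldap attribute-map LDAP-MAP
 map-name  memberOf Group-Policy
 map-value memberOf "CN=NetOps-VPN,OU=Groups,DC=example,DC=com"      GP-NETOPS
 map-value memberOf "CN=CustService-VPN,OU=Groups,DC=example,DC=com" GP-CUSTSVC
! map-name  department Group-Policy
! map-value department "Network Operations" GP-NETOPS
! map-value department "Customer Service"   GP-CUSTSVC

! ---- LDAP server definition that uses the map (placeholder host/DNs) ----
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 10.0.0.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password REPLACE-WITH-BIND-PASSWORD
 server-type microsoft
 ldap-attribute-map LDAP-MAP

! ---- One address pool per department so the pool itself identifies the role ----
ip local pool POOL-NETOPS  10.200.1.1-10.200.1.254 mask 255.255.255.0
ip local pool POOL-CUSTSVC 10.200.2.1-10.200.2.254 mask 255.255.255.0

! ---- Split-tunnel lists: the only routes pushed to each department's client ----
access-list SPLIT-NETOPS  standard permit 10.10.0.0 255.255.0.0
access-list SPLIT-CUSTSVC standard permit 10.20.0.0 255.255.0.0

! ---- vpn-filter ACLs, written with the VPN client as the source ----
! NetOps: full access to the management network; everything else dropped.
access-list VPNFILT-NETOPS  extended permit ip 10.200.1.0 255.255.255.0 10.10.0.0 255.255.0.0
! Customer service: only RDP (3389) to the desktop subnet; everything else dropped.
access-list VPNFILT-CUSTSVC extended permit tcp 10.200.2.0 255.255.255.0 10.20.0.0 255.255.0.0 eq 3389

! ---- Per-department group-policies: pool + routes + filter in one object ----
group-policy GP-NETOPS internal
group-policy GP-NETOPS attributes
 address-pools value POOL-NETOPS
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-NETOPS
 vpn-filter value VPNFILT-NETOPS

group-policy GP-CUSTSVC internal
group-policy GP-CUSTSVC attributes
 address-pools value POOL-CUSTSVC
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-CUSTSVC
 vpn-filter value VPNFILT-CUSTSVC

! ---- Fail closed: anyone whose AD attributes match nothing gets zero logins ----
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! ---- Tunnel-group authenticates against LDAP and defaults to NOACCESS ----
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy NOACCESS
```

Two points worth checking when you adopt this. First, the `default-group-policy NOACCESS` line is what turns the map into a least-privilege control: without it, a user in neither AD group silently inherits whatever the tunnel-group's default policy allows. Second, `debug ldap 255` during a test login shows the attributes the ASA actually received and which `map-value` matched, which is the quickest way to confirm that a user in multiple groups is landing in the policy you expect.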