I have a dynamic VPN profile which seems to work. Users can log in using their AD domain accounts, get their protected resources and everything runs ok.
Bu the question remains whether I can somehow differentiate between two (or more) user groups and selectively allow access from VPN clients to protected resources.
For example, I would want something similar to:
1) Users that are in group G1 in AD can access everything (for example - 10.0.0.0/8 and 192.168.0.0/16)
2) Users that are in group G2 in AD can access only 10.0.0.0/8
Is it possible with dynamic vpn? I mean - I could of course filter by IP but can I create two different IP pools and set client's IP by group membership?
Regards
MK