Microsoft L2TP IPsec VPN multiple policies based on user?
Is anyone able to tell me if it is possible to configure an IPsec tunnel for Microsoft Dial-up clients that can apply different security policies based on user, group or some other factor?
We currently have the pretty standard tunnel configured as documented in the FortiOS Handbook IPsec VPN for FortiOS 5.0 guide on page 187. We are pointing to a firewall user group which is configured with a RADIUS server that requires membership in a particular AD group (vpn.access); we have the 12356 vendor attributes 1 and 3 configured on the RADIUS server.
What we would like is to be able to apply different security policies to connecting users based on the AD group they belong to. So far as I can see, however, as there is a single group tied to the L2TP configuration, we can't. In addition, as there is only a single IP range given out to clients in the L2TP configuration, we cannot base it on IP either. Is there some way to identify the users, perhaps using XAuth or RSSO, and configure user identity based policies?
I know it can be done, and we have done this elsewhere with the SSL VPN, but this client would like to use L2TP, which is still a step up from their current PPTP solution.
Cheers,
Nathan Emerson
