PA to Cisco ASA Site to Site IPSEC with source as user id instead of IP address


Need to know: is it possible to use site-to-site IPsec with a Cisco ASA and use user ID instead of source address in the Palo Alto?

What we want is that instead of the source IP address we can configure the user ID.

MP


Hello,

Can you expand on your question? If you mean what traffic can pass, then yes. Just make the other side of the VPN a different zone, then apply the policies based on the zone of the VPN and end users, etc.

Hope that helps.

Yes, the VPN has two zones: one for user traffic coming from our side, then the tunnel zone going to the vendor.

I need to apply user ID on our zone, not the source subnets, as they are many.

MP

@MP18,

You'll actually have to spend more time detailing what exactly you want here; because I've now read this a few times and I frankly still have no idea. 

 

If you want user-id for an entire zone, you simply enable user-id on the zone configuration and leave the default 'Included Networks' set to any. 
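What the answer above describes, written out as a PAN-OS configure-mode sketch. This is an added example, not configuration posted by anyone in the thread; the zone names `Users` and `Vendor-VPN`, the rule name `Users-to-Vendor` and the `example\...` user names are constructed placeholders.

```text
# Lines starting with '#' are annotations for the reader, not PAN-OS commands.
# Assumed (constructed) names: zone Users = inside user zone,
# zone Vendor-VPN = zone holding the tunnel interface toward the ASA.

# Enable User-ID on the internal zone only. With no include list defined,
# the zone's 'Included Networks' stays at its default of any.
# Leave User-ID disabled on the tunnel/vendor zone.
set zone Users enable-user-identification yes

# Match on mapped users instead of listing source subnets.
set rulebase security rules Users-to-Vendor from Users
set rulebase security rules Users-to-Vendor to Vendor-VPN
set rulebase security rules Users-to-Vendor source any
set rulebase security rules Users-to-Vendor source-user [ example\alice example\bob ]
set rulebase security rules Users-to-Vendor destination any
set rulebase security rules Users-to-Vendor application any
set rulebase security rules Users-to-Vendor service application-default
set rulebase security rules Users-to-Vendor action allow
```

Traffic from an address with no IP-to-user mapping does not match this rule and falls through to later rules, so the firewall needs a working User-ID mapping source for the `Users` zone. The ASA side is unaffected: the IPsec proxy IDs are still negotiated on subnets, and the user match only decides what the Palo Alto lets into the tunnel.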

You got it. What I wanted was user names under User in the security policy.

MP
