PA to Cisco ASA Site to Site IPSEC with source as user id instead of IP address

Need to know: is it possible to use Site to Site IPSEC with Cisco ASA and use user ID instead of source address in the Palo Alto?

What we want is to configure the user ID instead of the source IP address.

MP

Accepted Solutions

@MP18,

You'll actually have to spend more time detailing what exactly you want here, because I've now read this a few times and I frankly still have no idea.

If you want user-id for an entire zone, you simply enable user-id on the zone configuration and leave the default 'Included Networks' set to any.


All Replies

Hello,

Can you expand on your question? If you mean what traffic can pass, then yes. Just make the other side of the VPN a different zone, then apply the policies based on zone of VPN and end users, etc.

Hope that helps.


Yes, the VPN has two zones: one for user traffic coming from our side, then the tunnel zone going to the vendor.

I need to apply user ID on our zone, not the source subnets, as there are many.

MP

You got it. What I wanted was user names under User in the security policy.

MP