01-31-2019 08:51 PM
Need to know: is it possible to use site-to-site IPsec with Cisco ASA and use user ID instead of source address in the Palo Alto?
What we want is that, instead of the source IP address, we can configure the user ID.
02-01-2019 01:46 PM
Hello,
Can you expand on your question? If you mean what traffic can pass, then yes. Just make the other side of the VPN a different zone, then apply the policies based on zone of VPN and end users, etc.
Hope that helps.
02-01-2019 03:25 PM
Yes, the VPN has two zones: one for user traffic coming from our side, then a tunnel zone going to the vendor.
I need to apply user ID on our zone, not the source subnets, as they are many.
02-01-2019 08:02 PM
You'll actually have to spend more time detailing what exactly you want here, because I've now read this a few times and I frankly still have no idea.
If you want user-id for an entire zone, you simply enable user-id on the zone configuration and leave the default 'Included Networks' set to any.
02-01-2019 08:06 PM
You got it. What I wanted was user names under User in the security policy.