I'm hoping I'm missing something obvious here...is there a good way to support SSL-VPN access for different types of users who require different access and use different authentication schemes? I am trying to setup multiple SSL-VPN tunnel configurations for different types of users. Initially, I was hoping to use a single SSL-VPN configuration and simply differentiate by user. However, it doesn't appear that PAN is setup in this fashion. My goal is to support different users have different authentication schemes and require different access (Employees versus Contractors). So, I set out to create a second SSL-VPN tunnel configuration. Unfortunately, I have hit a problem I don't know how to overcome: * First, I had to create a separate SSL-VPN tunnel to support different authentication profiles (Radius AND LocalDB) as well as to control access differently for each group. * Second, I had to create the new User Profiles * Third, to create a new SSL-VPN tunnel, I have to create a new tunnel interface and associate it with my zone of choice * Fourth (and this is the issue), I had to create a new IP address on my external interface. This is because I can't use the same IP address on the same external interface as is already used in the first SSL-VPN. (This is the selection on the "Choice" option of the "Gateway Address" configuration section in the Add/Edit SSL VPN dialog window). However, this fourth step is not possible (at least in my environment). I can't add a secondary address to the external interface in the same network as the first address (192.168.1.1/24 and 192.168.1.2/24 for example). And, since I don't have another network of addresses to use on the external interface, I am stuck. Any ideas? Thanks!
... View more