Can I specify rules that limit Client VPN traffic?
We have work from home users connecting via Client VPN. I would like to restrict Client VPN connections so that the only thing they can do is RDP to their desktop that is in the office. Is there any way to configure rules on the MX to achieve this?
Of course, with every policy there has to be an exception. We have some users with corporate laptops that connect to the Client VPN, and they should be allowed to have more access. Is there any way that I can assign specific Client VPN IPs to specific devices, and then assign alternate rules to those IPs?
When using the Microsoft VPN client to the MX (L2TP over IPsec), the only way is to assign group policies after they have connected once. The group policy can contain firewall rules. The group policy will stick each time they connect.
As mentioned by @ww, AnyConnect lets you define a default group policy, and if you are using RADIUS, you can configure a per-user group policy as well.
Note that AnyConnect requires you to buy Cisco AnyConnect licences and be running MX16. The 16.x beta firmware runs really well.
In fact, I prefer 16.x over the current stable 15.44. I personally experience fewer issues with 16.12 than I do with 15.44 customers.
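An added example, not part of the original thread: a sketch of an RDP-only group policy for one work-from-home user, with a small first-match evaluator to check it against sample flows. The field names are modelled on the Meraki Dashboard API group policy format and should be treated as an assumption to verify against the API documentation, as should the default-allow behaviour for unmatched traffic; the user name and addresses are constructed.

```python
import ipaddress

RDP_PORT = "3389"

def rdp_only_policy(user, desktop_ip):
    """Build a group policy body that permits only RDP to one office desktop."""
    host = f"{ipaddress.IPv4Address(desktop_ip)}/32"  # raises on malformed input
    rules = [
        {"comment": "RDP over TCP to the user's own desktop", "policy": "allow",
         "protocol": "tcp", "destPort": RDP_PORT, "destCidr": host},
        {"comment": "RDP UDP transport to the same desktop", "policy": "allow",
         "protocol": "udp", "destPort": RDP_PORT, "destCidr": host},
        # Without this explicit rule, unmatched traffic falls through to allow.
        {"comment": "Block everything else", "policy": "deny",
         "protocol": "any", "destPort": "Any", "destCidr": "Any"},
    ]
    return {"name": f"vpn-rdp-only-{user}",  # hypothetical naming scheme
            "firewallAndTrafficShaping": {"settings": "custom",
                                          "l3FirewallRules": rules}}

def evaluate(policy, protocol, dest_ip, dest_port):
    """Return the action of the first matching rule (assumed default: allow)."""
    dest = ipaddress.ip_address(dest_ip)
    for rule in policy["firewallAndTrafficShaping"]["l3FirewallRules"]:
        if rule["protocol"] not in ("any", protocol):
            continue
        if rule["destPort"] != "Any" and int(rule["destPort"]) != dest_port:
            continue
        if rule["destCidr"] != "Any" and \
                dest not in ipaddress.ip_network(rule["destCidr"]):
            continue
        return rule["policy"]
    return "allow"

if __name__ == "__main__":
    policy = rdp_only_policy("alice", "10.0.10.25")  # constructed sample values
    flows = [("tcp", "10.0.10.25", 3389),   # own desktop, RDP
             ("tcp", "10.0.10.25", 445),    # own desktop, SMB
             ("tcp", "10.0.10.26", 3389),   # someone else's desktop
             ("udp", "10.0.1.1", 53)]       # office DNS
    for proto, ip, port in flows:
        print(f"{proto:3} {ip}:{port:<5} -> {evaluate(policy, proto, ip, port)}")
```

Corporate laptops that need wider access would get a separate policy rather than extra allow rules in this one, so the restrictive policy stays easy to audit.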