control VPN user access

[APPmanDAN]

I'm wondering if it's possible to limit one VPN user's access while leaving default VPN access configuration in tact? I have a firewall that is on the edge of our external email infrustructure. The only people who VPN into this system are the administrators. I have been asked to grant VPN access for an outside vendor who is setting up our new website. I'd really like to limit that VPN user to at least the sub-interface/subnet the web servers he needs access to are on and not give him access to our whole external email infrustructure.

Is this possible? Could I use something like a priv level to do this?

Thanks for any help!

Dan

 

[APPmanDAN]

Forgot to mention, sice we have about 8 people only with VPN access, the username database is local on our Cisco ASA 5540.

 

[unclerico]

you configure an access-list and apply it to the vpn group-policy. you assign the vpn policy to the user account. make sure that you create a local account or a domain account and limit which systems he/she can log into because once he/she is on the web server he/she can connect to other systems from there

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)