pix 506e vpn policies

Need some help....So i was able to setup our pix firewall for our employees to access needed resources on our network. Now, my boss said it is not secure enough. Meaning, if an employee can vpn in, they can map to any server on the network. How can i setup a policy to give only certain users folder level access. Meaning, we only want to give them access to a particular folder they need and thats it. Anybody know how to do this? Can you even do it at the firewall level?

If you setup an IPsec (tunnel) VPN connection for your remote users, which it sounds like you have; you are experiencing one of the down-sides of utilizing this solution. When users VPN into your organization via an IPsec tunnel, they essentially become a node on your network, just as if they were in the office. So your boss has legitimate reason for concern.

This being said; if you have proper NTFS and sharing permissions established on your files/folders, then as stated above, they will be treated as if they were in the office, and whatever permissions are assigned to them, should carry through.

Your other option is an SSL based VPN for your remote users. While not as versatile as IPsec, it does have it's advantages. One of which is the client does not become a "node" on your network.

Cheers.