Hello,
is it possible to have multiple ipsec mode configs with different networks to route to the ipsec clients, based on what xauth user is connecting without knowing their public IP?
The end goal is to have some road warriors that can access certain networks and others that can not using ipsec + mode config + xauth.

Thanks in advance

Currently it is not possible, but we have plans to implement such feature in near future, maybe even in 6.44.

Currently it is not possible, but we have plans to implement such feature in near future, maybe even in 6.44.

What's my option for the time being? Use the firewall?

Yes you can assign static IP address by modeconf and use firewall to limit/route traffic for specific IP.

Yes you can assign static IP address by modeconf and use firewall to limit/route traffic for specific IP.

Thank you for the insight, there's another thing related to this:
I would like to email the ipsec user connection and disconnection logs. I did it with l2tp using the logging email setting, but ipsec logs a lot of things under ipsec,info category including the connection string.
Is there a way to get only the connection log without all the rest of the ipsec data?

Please let me know if i have to open a new topic of this.

Not possible directly. Solution is to use remote syslog server or by scripts on the router, filter needed log entries and then email.