In the existing methods which are applicable to Vertual Private Networks (VPNs) having hierarchical structure, an administrator of each VPN gateway (VGW) has to make user accounts to each VGW and to add user names to access control rules when user-based access control feature is required. Therefore, configuring access control rules becomes considerably complex, and the cost of user management also becomes considerably large if the users of other organizations are allowed to access temporarily. In this paper, we propose an access control method with certificates. With our method, the users of other organizations can access temporarily without accounts on each VGW by using certificates issued by their organizations. Moreover, By introducing user grouping, the cost of configuring access control rules is reduced.