pix 515 and group-policy

barbara.costantini · ‎07-20-2008

Hello,

how many group-policy can I configure on PIx 515E with release 7.x?

Thanks in advance

B.

a.alekseev · ‎07-21-2008

What are you warried about?

barbara.costantini · ‎07-22-2008

The number of group-policy is important for me because I've many vpn-client sessions that refer to only one vpn-group.

By radius I authenticate the user and I send to pix the name of group policy that contains the specific address-pool and the split-tunneling acl.

In this way I can associate per-user the address-pool and the split-acl.

The best way would be to have only one group-policy and to send by radius the name of addrress pool and the name of split acl but the pix seems no support these parameters.

Thanks B

Farrukh Haroon · ‎07-22-2008

But why do you want to assign different IP Pools for 'each user'?

Regards

Farrukh

barbara.costantini · ‎07-23-2008

I must assign a different pool address because in the second level firewall connected to the pix I have only IP address to identify the users

Farrukh Haroon · ‎07-23-2008

Well then you can use a DHCP server also (instead of AAA).

Regards

Farrukh

barbara.costantini · ‎07-24-2008

I haven't a dhcp server and I wouldn't to set the pix as dhcp .

Farrukh Haroon · ‎07-21-2008

Well it should be at least as much as the 'No of VPN Tunnels' supported on the box.

Regards

Farrukh