×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PIX and VPN Client policy

Unanswered Question
Feb 27th, 2002
User Badges:

Hi all,


can i assign a particular policy to a user that connects to my network with my PIX using VPN Client (which type of VPN Client?) ?

I think that i can do that with VPN Concentrator but can i do with PIX too?

Or can i assign a particular IPs to my managers, so can make access lists for them?


Thanks,


King Regards,


Riccardo

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pdentico Wed, 02/27/2002 - 09:02
User Badges:

The Pix uses the "vpngroup" command in much the same way the Concentrator uses groups. You can set up multiple pools and assign them to different group names to build your access-lists from. You would need to use the Cisco Unified Client, which is actually the same as the concentrator client.

rbaldanzi Wed, 02/27/2002 - 09:31
User Badges:

Thank you,


but how can i distinguish user by user?

how can i tell that the user "rick" has the IP 10.1.1.10 and can go only to 10.1.10.20 and that thet user "richard" can go anywhere?

i have to insert user into PIX?

Can i use and external DB (like MS Active Directory)?


Rick

pdentico Wed, 02/27/2002 - 09:50
User Badges:

Do you need each user to have different access or can each user be place in a group. On the client it uses the group name and password to "authenticate" to the PIX.


You could for example create an ip pool in the 192.168.10.x subnet. In the vpngroup command you specify the name of this pool. In your access-list you allow 192.168.10.x to get to what you want. Then create another pool for another group.


This link might give you some further insight os to how the client is setup.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/basclnt.htm#xtocid10

Actions

This Discussion