PIX and VPN Client policy

rbaldanzi
Level 1

Hi all,

Can I assign a particular policy to a user that connects to my network with my PIX using VPN Client (which type of VPN Client?)?

I think that I can do that with VPN Concentrator, but can I do it with PIX too?

Or can I assign particular IPs to my managers, so I can make access lists for them?

Thanks,

Kind Regards,

Riccardo

3 Replies

pdentico
Level 1

The PIX uses the "vpngroup" command in much the same way the Concentrator uses groups. You can set up multiple pools and assign them to different group names to build your access-lists from. You would need to use the Cisco Unified Client, which is actually the same as the Concentrator client.

Thank you,

But how can I distinguish user by user?

How can I tell that the user "rick" has the IP 10.1.1.10 and can go only to 10.1.10.20 and that the user "richard" can go anywhere?

Do I have to insert users into the PIX?

Can I use an external DB (like MS Active Directory)?

Rick

pdentico
Level 1

Do you need each user to have different access, or can each user be placed in a group? On the client it uses the group name and password to "authenticate" to the PIX.

You could, for example, create an IP pool in the 192.168.10.x subnet. In the vpngroup command you specify the name of this pool. In your access-list you allow 192.168.10.x to get to what you want. Then create another pool for another group.

This link might give you some further insight as to how the client is set up.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/basclnt.htm#xtocid10
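
The pool-per-group approach described in the reply above, written out as a PIX 6.x configuration fragment. This is an added example, not configuration posted by anyone in the thread. The group, pool and access-list names, the second pool (192.168.20.x), the inside network 10.1.0.0/16 and the bracketed group keys are assumptions or placeholders, and ISAKMP and the dynamic crypto map for the VPN Client are assumed to be configured already.

```cisco
! Constructed example: names, 192.168.20.x and 10.1.0.0/16 are assumptions.

! One address pool per client group.
ip local pool restricted-pool 192.168.10.1-192.168.10.254
ip local pool managers-pool 192.168.20.1-192.168.20.254

! The group name and password entered in the client select the vpngroup,
! and the vpngroup decides which pool the client's address comes from.
vpngroup restricted address-pool restricted-pool
vpngroup restricted password <restricted-group-key>
vpngroup managers address-pool managers-pool
vpngroup managers password <managers-group-key>

! Exempt inside traffic returning to the client pools from NAT.
access-list nonat permit ip 10.1.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list nonat permit ip 10.1.0.0 255.255.0.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list nonat

! Per-group policy, keyed on the source pool:
!   restricted clients reach only host 10.1.10.20,
!   managers reach the whole inside network.
access-list vpn-in permit ip 192.168.10.0 255.255.255.0 host 10.1.10.20
access-list vpn-in permit ip 192.168.20.0 255.255.255.0 10.1.0.0 255.255.0.0
access-group vpn-in in interface outside

! While "sysopt connection permit-ipsec" is enabled, decrypted IPSec traffic
! bypasses interface access-lists and vpn-in would never be consulted.
no sysopt connection permit-ipsec
```

Only one access-list can be bound inbound to an interface, so on a PIX that already has one on the outside interface the two vpn-in entries belong in that existing list. The policy is only as strong as the group passwords: anyone who knows the managers group key receives a managers-pool address.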