Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

2 vpn group for different purpose in Pix Firewall

Unanswered Question
Jul 11th, 2003
User Badges:


I'm trying to configure 2 group of user who will access different servers in different segment. Anyone have any idea or implement before? I try to search for the documentation but could not find any? Appreatiate your help and thanks in advance.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gfullage Fri, 07/11/2003 - 19:51
User Badges:
  • Cisco Employee,

Just create two set's of "vpngroup" commands using different group names. Assign each of these different groups a different IP address pool within the PIX. Then you can set up access-lists on your internal network to only allow each pool of addresses access to certain internal hosts.

Similarly, you could assign each group a specific split-tunnel network list, and only allow each group access to certain internal hosts that way.

Iske Thu, 07/17/2003 - 04:19
User Badges:

and what about the

isakmp client configuration address-pool local dealer outside

one can only add one pool, so what is this for ?

thanks uli

gfullage Thu, 07/17/2003 - 15:39
User Badges:
  • Cisco Employee,

You don't need this command if you're using the VPN Client. Just do the following to assign two different IP pools:

vpngroup group1 address-pool ippool1

vpngroup group2 address-pool ippool2

ip local pool ippool1

ip local pool ippool2


This Discussion