
2 vpn group for different purpose in Pix Firewall

ccsam
Level 1

Hi,

I'm trying to configure 2 groups of users who will access different servers in different segments. Does anyone have any idea, or has anyone implemented this before? I tried to search for the documentation but could not find any. Appreciate your help, and thanks in advance.

regards,

Sam

3 Replies

gfullage
Cisco Employee

Just create two sets of "vpngroup" commands using different group names. Assign each of these different groups a different IP address pool within the PIX. Then you can set up access-lists on your internal network to only allow each pool of addresses access to certain internal hosts.

Similarly, you could assign each group a specific split-tunnel network list, and only allow each group access to certain internal hosts that way.

And what about the

isakmp client configuration address-pool local dealer outside

One can only add one pool, so what is this for?

thanks uli

gfullage
Cisco Employee

You don't need this command if you're using the VPN Client. Just do the following to assign two different IP pools:

vpngroup group1 address-pool ippool1

vpngroup group2 address-pool ippool2

ip local pool ippool1 10.1.1.1-10.1.1.254

ip local pool ippool2 10.2.2.1-10.2.2.254
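
Added example, not part of the thread and not Cisco code: the separation described in the replies works only if a client's source address identifies exactly one group, so this Python sketch parses the two command forms shown above and flags overlapping pools, pools shared by several groups, and groups pointing at an undefined pool. The function names and the embedded sample config are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the four config lines from the reply above.
SAMPLE_CONFIG = """\
vpngroup group1 address-pool ippool1
vpngroup group2 address-pool ippool2
ip local pool ippool1 10.1.1.1-10.1.1.254
ip local pool ippool2 10.2.2.1-10.2.2.254
"""

POOL_RE = re.compile(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)$")
GROUP_RE = re.compile(r"^vpngroup (\S+) address-pool (\S+)$")


def parse_config(text):
    """Return ({pool: (first, last)}, {group: pool}) from PIX config text."""
    pools, groups = {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := POOL_RE.match(line):
            first, last = (ipaddress.IPv4Address(a) for a in m.group(2, 3))
            if first > last:
                raise ValueError(f"pool {m.group(1)}: range is reversed")
            pools[m.group(1)] = (first, last)
        elif m := GROUP_RE.match(line):
            groups[m.group(1)] = m.group(2)
    return pools, groups


def audit(text):
    """List conditions under which a source address no longer identifies one group."""
    pools, groups = parse_config(text)
    problems = [f"group {g} uses undefined pool {p}"
                for g, p in sorted(groups.items()) if p not in pools]
    problems += [f"pool {p} is shared by {n} groups"
                 for p, n in sorted(Counter(groups.values()).items()) if n > 1]
    # Sort by start address; any overlap then shows up between neighbours.
    ranges = sorted((rng, name) for name, rng in pools.items())
    for ((_, a_last), a), ((b_first, _), b) in zip(ranges, ranges[1:]):
        if b_first <= a_last:
            problems.append(f"pools {a} and {b} overlap")
    return problems


def groups_for(text, ip):
    """Return the VPN groups whose pool contains the given source address."""
    pools, groups = parse_config(text)
    addr = ipaddress.IPv4Address(ip)
    return sorted(g for g, p in groups.items()
                  if p in pools and pools[p][0] <= addr <= pools[p][1])
```

An empty list from audit() means each pool address maps to a single group, which is what the internal access-lists rely on.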