I'm asked to find out how to support several groups of users (each with their own login-password), setting up PPTP tunnels to a PIX. The purpose is that the capabilities of the users at the inside are different (e.g. some can only do browser actions on a given address, whereas others should be able to access some internal servers).
I have PIX 515 without any additional equipment.
At the outside, a trunk delivers several VLANs, coming from WLAN Access Points.
Dividing the users in groups, it may be possible to ensure that the different user groups are in different VLANs, if that would help.
I have been looking at the vpdn-group configuration,
to check whether different vpdn-group assignment can be obtained for the login-password authentication, but so far all pptp tunnels were assigned to the first vpdn group with pptp dialin.
Logins and passwords are stored in the pix for local authentication.
Can anyone tell whether this is possible, and if so, how ?