07-11-2003 05:54 AM - edited 02-21-2020 12:39 PM
Hi,
I'm trying to configure 2 group of user who will access different servers in different segment. Anyone have any idea or implement before? I try to search for the documentation but could not find any? Appreatiate your help and thanks in advance.
regards,
Sam
07-11-2003 07:51 PM
Just create two set's of "vpngroup" commands using different group names. Assign each of these different groups a different IP address pool within the PIX. Then you can set up access-lists on your internal network to only allow each pool of addresses access to certain internal hosts.
Similarly, you could assign each group a specific split-tunnel network list, and only allow each group access to certain internal hosts that way.
07-17-2003 04:19 AM
and what about the
isakmp client configuration address-pool local dealer outside
one can only add one pool, so what is this for ?
thanks uli
07-17-2003 03:39 PM
You don't need this command if you're using the VPN Client. Just do the following to assign two different IP pools:
vpngroup group1 address-pool ippool1
vpngroup group2 address-pool ippool2
ip local pool ippool1 10.1.1.1-10.1.1.254
ip local pool ippool2 10.2.2.1-10.2.2.254
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide