Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access control on VPN

Hi,

We currently have remote access vpn in place and working fine. What I now what to do is to restrict access for a particular external client to a single host within our network, while still allowing full access to everyone else. Is this achieveable?? The particular client is using Win2000 pro.

Thanks

6 REPLIES
New Member

Re: Access control on VPN

You’ll have to use AAA (XAUTH) to authorize what that user can and cannot access. Cisco Secure ACS is a good AAA server.

New Member

Re: Access control on VPN

As another alternative on a pix you can setup multiple ip pools and assign them to different "vpngroups". Then you can create access-lists based on the ip pools.

Hope this helps.

New Member

Re: Access control on VPN

If you setup multiple ip pools, would you need to add them both to the isakmp client ip config??

New Member

Re: Access control on VPN

No the 3.x client does not need that command. It gets the ip address from the vpngroup command.

New Member

Re: Access control on VPN

Thank you very much for your help guys:-)

New Member

Re: Access control on VPN

You can also use the same IP pool but assign a different Split Tunnel to the group.

113
Views
0
Helpful
6
Replies
CreatePlease login to create content