Access control on VPN

saluko
Level 1

Hi,

We currently have remote access VPN in place and working fine. What I now want to do is to restrict access for a particular external client to a single host within our network, while still allowing full access to everyone else. Is this achievable? The particular client is using Win2000 Pro.

Thanks

6 Replies

k.poplitz
Level 3

You’ll have to use AAA (XAUTH) to authorize what that user can and cannot access. Cisco Secure ACS is a good AAA server.

pdentico
Level 1

As another alternative, on a PIX you can set up multiple IP pools and assign them to different "vpngroups". Then you can create access-lists based on the IP pools.

Hope this helps.

If you set up multiple IP pools, would you need to add them both to the isakmp client ip config?

No, the 3.x client does not need that command. It gets the IP address from the vpngroup command.

Thank you very much for your help, guys :-)

HEATH FREEL
Level 1

You can also use the same IP pool but assign a different Split Tunnel to the group.
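
The pool-per-group and split-tunnel suggestions from the replies above, as an added PIX 6.x configuration example (not taken from any poster's configuration). The pool, group and ACL names, the addresses, and the choice to enforce the restriction with `no sysopt connection permit-ipsec` plus an outside ACL are assumptions.

```cisco
! Constructed example: inside LAN 10.1.1.0/24, single permitted host 10.1.1.25.
! All names, addresses and keys below are placeholders.

! One address pool per class of remote user
ip local pool staff-pool 192.168.100.1-192.168.100.50
ip local pool partner-pool 192.168.101.1-192.168.101.10

! Exempt traffic between the inside network and the VPN pools from NAT.
! The partner pool is only exempted for the single host.
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list nonat permit ip host 10.1.1.25 192.168.101.0 255.255.255.0
nat (inside) 0 access-list nonat

! Split-tunnel list for the partner group: the client tunnels only
! traffic destined for the single host
access-list partner-split permit ip host 10.1.1.25 192.168.101.0 255.255.255.0

! Each vpngroup hands out addresses from its own pool
vpngroup staff address-pool staff-pool
vpngroup staff password <staff-group-key>
vpngroup partner address-pool partner-pool
vpngroup partner split-tunnel partner-split
vpngroup partner password <partner-group-key>

! Make decrypted VPN traffic subject to the outside interface ACL.
! This affects every VPN user, so the full-access pool needs its own permit.
no sysopt connection permit-ipsec
access-list outside-in permit ip 192.168.100.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list outside-in permit ip 192.168.101.0 255.255.255.0 host 10.1.1.25

! If an ACL is already bound to the outside interface, add the two
! permit lines to that ACL instead of binding a new one.
access-group outside-in in interface outside
```

The split-tunnel list only controls which traffic the client sends into the tunnel, so in this example the outside ACL is what limits the partner pool to the one host on the firewall itself.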