Cisco Support Community

need advice on how to limit 3rd party access through VPN

Greetings,

We need to limit the access of a 3rd party vendor through our PIX VPN to a few specific servers. Aside from doing TACACS or RADIUS, is there any way to limit their access locally on the PIX based on the login credentials? (Can't filter by IP address, the vendor's IP address is a mobile user.)

Any advice would be greatly appreciated.

1 REPLY

Re: need advice on how to limit 3rd party access through VPN

Hi,

Other than the methods that you already know, you can use two other approaches:

1) Split tunnel list

2) Use of an inbound ACL on the inside/dmz interface of the PIX to restrict access so that traffic from particular servers is only permitted for a particular group.

1) The split tunnel list will cause client PCs to not be able to send traffic across the tunnel which you don't want them to send, so you will configure a separate group for the 3rd party vendor, and then use the split tunnel in that group.

2) Again, you would wanna create a group, and then use a different pool of IPs for them, and then based on this pool, configure an interface ACL on the inside/dmz of the PIX so that they are restricted to some hosts on the inside/dmz.

Regards,

Afaq
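
The two approaches from the reply combined in one PIX 6.x-style configuration, as an added example that is not part of the original post. The group name, pool name, ACL names and all addresses are constructed, the group key is a placeholder, and it assumes no ACL is currently applied to the inside interface (lines starting with `:` are comments).

```cisco
: Constructed values (assumptions, not from the thread):
:   inside network       10.1.1.0/24
:   servers vendor needs 10.1.1.10 and 10.1.1.20
:   vendor address pool  192.168.50.1-192.168.50.10 (192.168.50.0/24 reserved for it)
:   vpngroup name        VENDOR (hypothetical)

: Dedicated pool, so vendor sessions are identifiable by source address
ip local pool vendorpool 192.168.50.1-192.168.50.10

: Exempt inside-to-vendor-pool traffic from NAT; if a nat 0 ACL already
: exists in the running config, add the entry to that ACL instead
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat

: Approach 1: split tunnel list naming only the two permitted servers
access-list vendor_split permit ip host 10.1.1.10 192.168.50.0 255.255.255.0
access-list vendor_split permit ip host 10.1.1.20 192.168.50.0 255.255.255.0

: Separate group for the vendor, tied to its own pool and split tunnel list
vpngroup VENDOR address-pool vendorpool
vpngroup VENDOR split-tunnel vendor_split
vpngroup VENDOR idle-time 1800
vpngroup VENDOR password PLACEHOLDER_GROUP_KEY

: Approach 2: inbound ACL on the inside interface, keyed on the vendor pool.
: Only the two servers may send traffic to vendor pool addresses; every
: other inside host is denied toward the pool. The final permit keeps the
: behaviour for all other traffic as it was with no ACL on the interface.
access-list inside_in permit ip host 10.1.1.10 192.168.50.0 255.255.255.0
access-list inside_in permit ip host 10.1.1.20 192.168.50.0 255.255.255.0
access-list inside_in deny ip any 192.168.50.0 255.255.255.0
access-list inside_in permit ip any any
access-group inside_in in interface inside
```

After a test connection with the vendor group, hit counts on the `deny` entry in `show access-list inside_in` show whether anything other than the two servers is answering vendor pool addresses.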
