10-30-2001 11:54 PM - edited 02-21-2020 11:28 AM
Hello! We're now using a PIX525, CiscoSecure ACS server for WinNT, and VPN client 3.0.2 to build up a VPN environment for a large IDC. Since there are different groups of customers, and each should be permitted to access only its own group of servers, the question is how to realize that using the current tools on hand. Can we use the ACS server for VPN user authorization, or can the clients only be separated by assigning an IP address belonging to a different subnet when setting up the VPN tunnel?
Pls advise, thanks!
11-05-2001 09:24 PM
Since you are using Client 3.0.2, you could assign the different customers to different groups, and assign them to different IP address pools as well. With xauth using CSNT, you could also pass the filter ID (i.e., an ACL name that is already defined in the PIX) for individual groups, to limit their access to certain subnets/resources in the network.
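An added example, not part of the original thread: a Python audit of the design suggested in the reply above (one address pool and one Filter-Id ACL name per customer group), checking that pools do not overlap and that no group's ACL reaches another customer's servers. All group names, subnets and ACL names are constructed for illustration.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample design: one VPN group per customer, each with its own
# address pool, its own server subnet, and the ACL name sent as Filter-Id.
GROUPS = {
    "custA": {"pool": "10.10.1.0/24", "servers": "192.168.10.0/24", "filter_id": "ACL_CUSTA"},
    "custB": {"pool": "10.10.2.0/24", "servers": "192.168.20.0/24", "filter_id": "ACL_CUSTB"},
    "custC": {"pool": "10.10.2.128/25", "servers": "192.168.30.0/24", "filter_id": "ACL_CUSTC"},
}
# Constructed ACLs: each entry is a permit of (source network, destination network).
ACLS = {
    "ACL_CUSTA": [("10.10.1.0/24", "192.168.10.0/24")],
    "ACL_CUSTB": [("10.10.2.0/24", "192.168.0.0/16")],  # deliberately too broad
    "ACL_CUSTC": [("10.10.2.128/25", "192.168.30.0/24")],
}

def overlapping_pools(groups):
    """Return pairs of groups whose client address pools overlap."""
    return [(a, b) for a, b in combinations(sorted(groups), 2)
            if ip_network(groups[a]["pool"]).overlaps(ip_network(groups[b]["pool"]))]

def cross_customer_permits(groups, acls):
    """Return (group, acl, other_group) where a permit reaches another customer's servers."""
    findings = []
    for name in sorted(groups):
        acl = groups[name]["filter_id"]
        for _src, dst in acls.get(acl, []):
            for other in sorted(groups):
                servers = ip_network(groups[other]["servers"])
                if other != name and ip_network(dst).overlaps(servers):
                    findings.append((name, acl, other))
    return findings

def missing_acls(groups, acls):
    """Return Filter-Id values that name no ACL in the defined set."""
    return sorted(g["filter_id"] for g in groups.values() if g["filter_id"] not in acls)

if __name__ == "__main__":
    print("overlapping pools:", overlapping_pools(GROUPS))
    print("cross-customer permits:", cross_customer_permits(GROUPS, ACLS))
    print("undefined ACLs:", missing_acls(GROUPS, ACLS))
```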
11-08-2001 10:37 PM
Thanks for your comments. Several of my friends also advised me to try passing an ACL through the ACS server to the VPN client; maybe due to a wrong configuration on the ACS server, I failed to do so. Do you have slightly more detailed instructions on how to configure the Cisco ACS server, so I can follow them?
BTW, could you please tell me your mail address, so that we may discuss directly?
Again, thanks for your kind help!