Cisco Support Community
New Member

VPN to PIX 515 allowing only one host access

I have already set up on my PIX 515 a VPN connection that allows users to connect to our network via a Cisco VPN client to access network resources.

What I want to set up now is another VPN connection that external users can use but would only allow access to one host.

Ex. I would VPN in to my site but would only be allowed to access 10.1.1.1 on my network.

How can I do this? Do I need to set up another VPNGROUP and somehow set up an access list to only allow traffic to one host? Can someone help with the correct syntax for the PIX?

Thanks,

Scott

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: VPN to PIX 515 allowing only one host access

You'll currently have a bunch of "vpngroup " commands in your PIX; simply go into config mode and add more "vpngroup" commands but with a different groupname. The VPN client then uses this group name to connect to the PIX.

Another way to only allow access to one host for this PIX is to do split tunnelling on this group, and in the split tunnel ACL only define that one host.
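
The split-tunnel approach from the answer above, combined with a separate address pool, written out as an added example (not part of any post in this thread). It assumes PIX 6.x software, where `vpngroup` is the client-group command; the group name, pool name and range, ACL names and the key are placeholders, and `NONAT` stands in for whatever NAT-exemption ACL the PIX already uses.

```text
: Added example for PIX 6.x. All names and addresses below are assumed placeholders.
: Separate address pool so the restricted users are identifiable by source subnet
ip local pool ONEHOST_POOL 192.168.50.1-192.168.50.50

: Split-tunnel ACL: the only destination pushed to this group's clients is 10.1.1.1
access-list SPLIT_ONEHOST permit ip host 10.1.1.1 192.168.50.0 255.255.255.0

: NAT exemption for that host toward the pool. Append this entry to whatever ACL
: is already referenced by "nat (inside) 0 access-list ..." (NONAT is a hypothetical name)
access-list NONAT permit ip host 10.1.1.1 192.168.50.0 255.255.255.0

: New group: the first vpngroup command with a new name creates it
vpngroup ONEHOST address-pool ONEHOST_POOL
vpngroup ONEHOST split-tunnel SPLIT_ONEHOST
vpngroup ONEHOST idle-time 1800
vpngroup ONEHOST password <group-key-placeholder>
```

After connecting with the new group name, confirm from the client that 10.1.1.1 answers and that other inside addresses do not.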

3 REPLIES
Bronze

Re: VPN to PIX 515 allowing only one host access

Hi,

Just configure another group on the PIX with a separate pool of IP addresses (subnet), and then configure an inbound ACL on the inside interface to restrict traffic for those users to one host.

Thx

Afaq

New Member

Re: VPN to PIX 515 allowing only one host access

How do I create another VPNGROUP? I see how to set the options but not how to create it.

Thanks,

Scott
