Cisco Support Community
New Member

Access right for different VPN users

Hi there,

I got a PIX 501 implemented with IPSec VPN. Our customer would like to grant access control for different VPN users. They would allow a group of users to access the DB server, while the other VPN users cannot access it. May I ask whether there is any method to achieve this goal?

Thanks a lot

David

2 REPLIES
New Member

Re: Access right for different VPN users

Yup sure can...

You can do it by disabling "sysopt connection permit-ipsec" then assigning different address pools to different groups and allow access to the devices just as a normal access-list on the outside interface.

Another option is to use per-user ACLs using XAUTH.

See: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008010a206.shtml

(downloadable ACLs)

New Member

Re: Access right for different VPN users

I have this working by configuring different VPN groups, IP local pools and ACLs.

Pix version 6.3.x and vpn client 4.0.

If you need configuration setting samples, let me know.

Regards,

Carlos Roque
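The approach both replies describe (separate VPN groups and address pools, filtered by an ACL on the outside interface once `sysopt connection permit-ipsec` is disabled), as an added example in PIX 6.3 syntax. It is not configuration posted by either author; the group names, pool ranges, inside network, DB server address and database port are all assumptions.

```cisco
: Constructed example. Assumed values (none come from the thread):
:   inside LAN 192.168.1.0/24, DB server 192.168.1.10, database on tcp/1433
:   existing isakmp policy, crypto map and nat 0 exemption stay as they are

: Make decrypted IPsec traffic subject to interface ACLs again
no sysopt connection permit-ipsec

: One address pool per class of VPN user
ip local pool pool-dbusers 10.10.1.1-10.10.1.50
ip local pool pool-general 10.10.2.1-10.10.2.50

: Bind each VPN group to its own pool (<preshared-key-N> is a placeholder)
vpngroup dbusers address-pool pool-dbusers
vpngroup dbusers password <preshared-key-1>
vpngroup general address-pool pool-general
vpngroup general password <preshared-key-2>

: Outside ACL: the source pool now decides who reaches the DB server
: 1) DB group may reach the database port only
access-list outside_in permit tcp 10.10.1.0 255.255.255.0 host 192.168.1.10 eq 1433
: 2) nobody else, and no other port, reaches the DB server
access-list outside_in deny ip any host 192.168.1.10
: 3) both groups may reach the rest of the inside LAN (assumed requirement)
access-list outside_in permit ip 10.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_in permit ip 10.10.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-group outside_in in interface outside
```

Only one ACL can be bound inbound on the outside interface, so if one is already applied there, these entries have to be merged into it rather than applied as a second list. Group membership is only as strong as each group's pre-shared key, which is why the first reply also points to per-user ACLs with XAUTH.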
