New Member

Allowing a specific VPN IP to a subnet

I have a working PPTP VPN in place with a PIX 515. Is there a way to limit a particular public IP address (a VPN client) to only be able to access one particular subnet in the enterprise? I can't quite figure out what combination of configuration lines I need to add to the PIX. The destination network is two hops away from the subnet the PIX resides on.

Thanks for any direction.

2 REPLIES
Silver

Re: Allowing a specific VPN IP to a subnet

You should consider working with a specific access-list for this purpose.

New Member

Re: Allowing a specific VPN IP to a subnet

You can remove the sysopt connection permit-pptp command from the PIX (this command allows PPTP traffic to bypass the access-list on the outside interface) and add in specific lines to your outside interface access-list for the PPTP pool to the internal network.
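
The change described in the reply above, sketched as a PIX configuration fragment. This is an added example, not part of the original thread; the ACL name `outside_in`, the pool range 10.99.0.0/24 and the destination subnet 10.20.30.0/24 are constructed placeholders to be replaced with the site's own values.

```cisco
! Constructed values (assumptions, not from the thread):
!   10.99.0.0/24   stands in for the PPTP client address pool
!   10.20.30.0/24  stands in for the one enterprise subnet to be reachable
!   outside_in     stands in for the ACL bound to the outside interface

! Before: with this line present, PPTP client traffic bypasses the
! access-list on the outside interface, so no ACL entry can restrict it.
!   sysopt connection permit-pptp

! After: remove the bypass so the outside ACL is evaluated for PPTP clients.
no sysopt connection permit-pptp

! Permit the PPTP pool to the single destination subnet only.
! Anything else from the pool falls through to the implicit deny
! at the end of the access-list.
access-list outside_in permit ip 10.99.0.0 255.255.255.0 10.20.30.0 255.255.255.0

! Bind the ACL to the outside interface. If an ACL is already applied
! there, add the permit line to that existing ACL instead, since an
! interface takes one inbound access-list.
access-group outside_in in interface outside

! Verify: the sysopt line should no longer be listed, and the hit counter
! on the permit entry should increase when a PPTP client reaches the subnet.
show sysopt
show access-list outside_in
```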
