PIX feature

J_Vansen_S
Level 3

I have 2 groups of users: Management and Staff

These are the restrictions

Management:- NO access to VPN, Allow Surfing Internet

Staff:- Access to VPN only, no other internet access allowed

Does a Cisco PIX allow me to do that? If so, by what feature? ACL, etc.?

2 Replies

bwalchez
Level 4

Split tunneling feature will fulfil your requirement

Split tunneling allows certain traffic to be routed over the VPN and certain traffic to be routed out an interface unencrypted. This will not overall solve your problem. You would still need to apply ACLs upstream on the PIX to block Internet access for Staff, and for Management the split tunnel wouldn't even apply. Static ACLs aren't scalable.

The feature you want to look at is AAA for Network Access (in the legacy IOS firewall it was called Auth-Proxy). This can be integrated with your Windows AD or RADIUS, etc. This can be further enhanced with Cisco ACS to use user-downloadable ACLs (which can be specified at a group level).

Here is the link, look for the section Applying AAA for Network Access.

http://www.cisco.com/application/pdf/en/us/guest/products/ps6120/c2001/ccmigration_09186a0080641f89.pdf

Please rate any helpful posts

Thanks

Fred
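To make the two approaches in the reply above concrete, here is an added PIX 7.x-style configuration fragment. It is example configuration written for this page, not anything posted by the original author or taken from the linked Cisco document. The subnets, interface names, ACL names, ACS server address and the RADIUS key are assumptions chosen for illustration: Staff on 10.1.10.0/24, Management on 10.1.20.0/24, and a remote site LAN 10.2.0.0/16 reached over a site-to-site VPN.

```cisco
! Added example (not from the post). All addresses, names and the RADIUS key are assumed.
! Assumed layout: Staff 10.1.10.0/24, Management 10.1.20.0/24,
! remote VPN LAN 10.2.0.0/16 reached through a site-to-site tunnel.

! --- Approach 1: static ACL on the inside interface (works, but policy is tied to IP) ---
! Staff: only traffic destined to the remote VPN network is allowed.
access-list INSIDE_IN extended permit ip 10.1.10.0 255.255.255.0 10.2.0.0 255.255.0.0
! Management: explicitly denied toward the VPN network, then allowed web/DNS to the Internet.
access-list INSIDE_IN extended deny ip 10.1.20.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list INSIDE_IN extended permit tcp 10.1.20.0 255.255.255.0 any eq www
access-list INSIDE_IN extended permit tcp 10.1.20.0 255.255.255.0 any eq https
access-list INSIDE_IN extended permit udp 10.1.20.0 255.255.255.0 any eq domain
! Everything not listed is dropped by the implicit deny at the end of the ACL.
! per-user-override lets an ACL downloaded for an authenticated user take precedence
! over this interface ACL (used by approach 2 below).
access-group INSIDE_IN in interface inside per-user-override

! --- Approach 2: AAA for network access (cut-through proxy) with per-user ACLs from ACS ---
! Users are identified by login rather than by source address, so the policy follows
! the person and the Staff/Management split can be managed as groups on ACS.
aaa-server ACS protocol radius
aaa-server ACS (inside) host 10.1.1.5 RADIUS-KEY-PLACEHOLDER
! Traffic that triggers the authentication prompt: web traffic from the inside networks.
access-list AUTH_MATCH extended permit tcp 10.1.0.0 255.255.0.0 any eq www
access-list AUTH_MATCH extended permit tcp 10.1.0.0 255.255.0.0 any eq https
aaa authentication match AUTH_MATCH inside ACS
! The "Management: Internet only" and "Staff: VPN only" rules are then defined on the
! ACS side as downloadable ACLs attached to each group and pushed after a successful login.
```

The first block shows why the reply calls static ACLs unscalable: every change in who belongs to which group means editing subnet-based lines on the firewall. The second block moves the decision to the AAA server, where group membership can come from AD or RADIUS; the firewall only needs to know which traffic must be authenticated and to honour the ACL it receives for that user.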
