Is it possible for MS IAS radius to assign the local ip pool to use for vpn users in Pix 7.0(1)? I would like to assign different subnets to each class of vpn user without using separate tunnel-groups and pre-shared-keys. I've tried a few different avp...
We are using M$ IAS for VPN authentication and are trying to get our ACLs tightened up a bit. Is it possible to restrict access to specific ports in downloadable ACLs? For testing purposes, I am trying to limit traffic to just dns queries. As you can se...
Yes, we have a remote site with a modem connected to the console port of the Pix. That phone line is also their fax line so it's not permanently connected. I have to call them to get it plugged in, but works great. It made my life easier when they ...
Here is a sample of the acls I am using (this is for PixOS 7.0(1), but it works for 6.3(4) as well).
Outside address of Remote network: DHCP
Inside Subnet of Remote network: 172.16.0.0/24
Inside Subnets of Local network that Remote network needs access ...
Yes. Use a rollover cable between the modem and the console port, set up the modem to answer calls (consult the modem docs for the correct dipswitch settings) and make sure the speed between the pix and the modem is set for 9600 baud. The following lin...
Actually, 'sysopt connection permit-ipsec' is not a must. With 'sysopt connection permit-ipsec', interface ACLs are ignored. If you issue 'no sysopt connection permit-ipsec', you need to create an ACL on the inbound interface to allow ipsec traffic...
IAS is setting the correct acl. This is defined by giving the Cisco-AV-Pair attribute the value of acl= in the Remote Access Policy. This is working fine but the current acls consist of 'permit ip VPN-USER-NET 255.255.255.0 any', which is far from id...