04-18-2002 12:13 AM - edited 02-21-2020 11:41 AM
Hi,
We currently have remote access VPN in place and working fine. What I now want to do is to restrict access for a particular external client to a single host within our network, while still allowing full access to everyone else. Is this achievable? The particular client is using Win2000 Pro.
Thanks
04-24-2002 02:15 PM
You'll have to use AAA (XAUTH) to authorize what that user can and cannot access. Cisco Secure ACS is a good AAA server.
04-25-2002 05:47 AM
As another alternative, on a PIX you can set up multiple IP pools and assign them to different "vpngroups". Then you can create access-lists based on the IP pools.
Hope this helps.
04-25-2002 08:35 AM
If you set up multiple IP pools, would you need to add them both to the isakmp client ip config?
04-25-2002 10:03 AM
No, the 3.x client does not need that command. It gets the IP address from the vpngroup command.
04-30-2002 12:31 AM
Thank you very much for your help, guys :-)
04-26-2002 04:51 AM
You can also use the same IP pool but assign a different Split Tunnel to the group.
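The pool-per-vpngroup approach suggested in the thread, sketched as a PIX 6.x configuration fragment. This is an added example, not part of any post above. The group names, pool ranges, ACL names, inside network 192.168.1.0/24 and the permitted host 192.168.1.50 are all assumed for illustration, and the crypto map and ISAKMP policy already in place are not shown.

```cisco
!--- Added example; every name and address here is an assumption.
!--- One address pool per class of VPN user.
ip local pool staff-pool 10.10.10.1-10.10.10.100
ip local pool partner-pool 10.10.20.1-10.10.20.10

!--- Each vpngroup hands out addresses from its own pool.
vpngroup staff address-pool staff-pool
vpngroup staff password <staff-group-key>
vpngroup partner address-pool partner-pool
vpngroup partner password <partner-group-key>

!--- Optional: the restricted group only tunnels traffic for the one host.
access-list partner-split permit ip host 192.168.1.50 10.10.20.0 255.255.255.0
vpngroup partner split-tunnel partner-split

!--- Do not translate inside addresses when talking to either pool.
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonat permit ip host 192.168.1.50 10.10.20.0 255.255.255.0
nat (inside) 0 access-list nonat

!--- With "sysopt connection permit-ipsec" enabled, decrypted VPN traffic
!--- bypasses interface access-lists, so pool-based rules are never checked.
!--- Disable it so the outside ACL is applied to traffic from the pools.
no sysopt connection permit-ipsec

!--- Staff pool: full access to the inside network.
access-list outside-in permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
!--- Partner pool: the single host only, everything else denied.
access-list outside-in permit ip 10.10.20.0 255.255.255.0 host 192.168.1.50
access-list outside-in deny ip 10.10.20.0 255.255.255.0 any
access-group outside-in in interface outside
```

Only one access-list can be bound inbound on the outside interface, so if one is already applied there, add these entries to it instead of creating a new list. Once `sysopt connection permit-ipsec` is removed, every VPN flow that should work has to be permitted explicitly.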