
Access Control to Hosts on the inside of a VPN

csturmey
Level 1

I have a PIX 515 to which I am connecting via a Client to Site (PPTP). On the inside network I have a list of hosts to which I want the client to have access. I do not want them to be able to gain access to the whole internal network.

Is it possible to pass traffic that exits the tunnel, through ACLs?

3 Replies

sachinraja
Level 9

In case you have an ACS, you can have static IPs for each user and authorize the user to access certain hosts only. For PPTP it's tough otherwise.

In case you have IPsec tunnels, you can have different groups and give access to each group without ACS. You just need to play with ACLs.

Raj

Thanks for that. I think the situation that I have may be easier. It will be the same hosts for all users so I don't need to differentiate between them.

What appears to happen is that the VPN is terminated on the inside of the access lists and I therefore have no control.

Remove the sysopt connection permit-pptp and then use the ACL on the "outside" interface to control the traffic.
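
The suggestion in the last reply, written out as a PIX 6.x configuration sketch. This is an added example, not part of the original thread; the PPTP client pool (192.168.50.0/24), the two inside host addresses and the ACL name outside_in are constructed placeholders.

```cisco
: Constructed values (assumptions, replace with your own):
:   PPTP client address pool : 192.168.50.1-192.168.50.50
:   Permitted inside hosts   : 10.1.1.10, 10.1.1.20
:   ACL name                 : outside_in

: Before: decrypted PPTP traffic bypasses access-list checking,
: so every inside host is reachable from the tunnel.
sysopt connection permit-pptp

: After: remove the bypass so traffic leaving the tunnel is
: evaluated by the ACL bound to the outside interface.
no sysopt connection permit-pptp

: Permit the client pool to reach only the listed hosts.
access-list outside_in permit ip 192.168.50.0 255.255.255.0 host 10.1.1.10
access-list outside_in permit ip 192.168.50.0 255.255.255.0 host 10.1.1.20

: Explicit deny for the pool. The implicit deny would drop this
: traffic anyway; the explicit entry gives it its own hit counter.
access-list outside_in deny ip 192.168.50.0 255.255.255.0 any

: Only one ACL can be applied inbound per interface. If the outside
: interface already has one, add the entries above to that ACL
: instead of binding a new one.
access-group outside_in in interface outside

: Check which entries the tunnel traffic is matching.
show access-list outside_in
```

After the change, connect a test client and confirm that the permit entries count hits for the listed hosts and that attempts to reach any other inside address land on the deny entry.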