Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
0
Helpful
2
Replies

Access right for different VPN users

dhcchan
Level 1
Level 1

‎01-01-2004 07:57 PM

Hi there,

I got a PIX 501 implemented with IPSec VPN. Our customer would like to grand access control for different VPN users. They would allow a group of users to access DB server, while the other VPN users cannot access. May I ask that is there any method to achieve this goal?

thanks a lot

David

Labels:
0 Helpful
2 Replies 2

jasobrown
Level 1
Level 1

‎01-01-2004 09:35 PM

Yup sure can...

You can do it by disabling "sysopt connection permit-ipsec" then assigning different address pools to different groups and allow access to the devices just as a normal access-list on the outside interface.

Another option is to use per user acl's using XAUTH.

See: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008010a206.shtml

(downloadable acls)

0 Helpful

minoc
Level 1
Level 1

‎01-10-2004 02:50 PM

I have this working by configuring different vpnd grups, ip local pools and acl's.

Pix version 6.3.x and vpn client 4.0.

If you need configuration setting samples, let me know.

Regards,

Carlos Roque

0 Helpful
Customers Also Viewed These Support Documents