
ACLs

majunior882
Level 1

How can I restrict access to certain clients?

I have a Cisco 2621 router as the VPN server and I am wanting to control access somehow. I have been told that I can link a username to a group and then to an IP pool, but I can't seem to find how to do that.

Any help would be appreciated.

4 Replies

ehirsel
Level 6

This link may be of help:

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Technologies:IPSec&s=Implementation_and_Configuration#Samples_and_Tips

There is a section titled "IPSec on Router to Cisco Secure VPN Client" that ought to give you the info that you are looking for.

Let me know if you need any more help.

Sadly, I can't use most of that because I can't set it up for the Cisco Client software; the people that are going to be VPNing only want to use the Windows client.

I was thinking about making subinterfaces out of the outbound ethernet port and assigning different pools to different public IPs. The only problem with this is, I don't know how the building has the switch set up that I am connecting to, it may not be able to allow subinterfaces out. Or would it even matter?

Is there an AAA server available, such as the Cisco ACS, Microsoft ISA, or other RADIUS server? The AAA server can be used to validate VPDN (i.e. PPTP, L2TP) as well as IPSec VPN connections. It is the authorization part of AAA that allows the restrictions that you are looking for.

Let me know if this was of any help.

Sadly, I don't have another box that I can set aside for that. I do however have a PIX515 that is connected to the router. Could I do the AAA off either the router or the firewall?
