01-28-2005 12:02 PM
How can I restrict access to certain clients?
I have a Cisco 2621 router as the VPN server and I am wanting to control access somehow. I have been told that I can link a username to a group and then to an IP pool, but I can't seem to find how to do that.
Any help would be appreciated.
01-31-2005 06:33 AM
This link may be of help:
There is a section titled "IPSec on Router to Cisco Secure VPN Client" that ought to give you the info that you are looking for.
Let me know if you need any more help.
02-01-2005 06:17 AM
Sadly, I can't use most of that because I can't set it up for the Cisco Client software; the people that are going to be VPNing only want to use the Windows client.
I was thinking about making subinterfaces out of the outbound ethernet port and assigning different pools to different public IPs. The only problem with this is, I don't know how the building has the switch set up that I am connecting to; it may not be able to allow subinterfaces out. Or would it even matter?
02-03-2005 07:50 AM
Is there an AAA server available, such as the Cisco ACS, Microsoft ISA, or other RADIUS server? The AAA server can be used to validate VPDN (i.e. PPTP, L2TP) as well as IPSec VPN connections. It is the authorization part of AAA that allows the restrictions that you are looking for.
Let me know if this was of any help.
02-03-2005 08:59 AM
Sadly, I don't have another box that I can set aside for that. I do however have a PIX515 that is connected to the router. Could I do the AAA off either the router or the firewall?