Showing results for 
Search instead for 
Did you mean: 



How can I restrict access to certain clients?

I have a Cisco 2621 router as the vpn server and I am wanting to control access somehow. I have been told that I can link a username to a group and then to an IP pool, but I can't seem to find how to do that.

Anyhelp would be appreciated.

4 Replies 4

Frequent Contributor
Frequent Contributor

This link may be of help:

There is a section titled "IPSec on Router to Cisco Secure VPN Client" that ought to give you the info that you are looking for.

Let me know if you need any more help.

Sadly, I can't use most of that because I can't set it up for the Cisco Client software, the people that are going to be VPNing only want to use the Windows client.

I was thinking about making subinterfaces out of the outbound ethernet port and assigning different pools to different public IPs. The only problem with this is, I don't know how the building has the switch set up that I am connecting to, it may not be able to allow subinterfaces out. Or would it even matter?

Frequent Contributor
Frequent Contributor

Is there an AAA server available, such as the Cisco ACS, Microsoft ISA, or other radius server? The AAA server can be used to validate VPDN (i.e. PPTP, L2TP) as well as IPSec vpn connections. It is the authorization part of AAA that allows the restrictions that you are looking for.

Let me know if this was of any help.

Sadly, I don't have another box that I can set aside for that. I do however have a PIX515 that is connected to the router. Could I do the AAA off either the router or the firewall?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers