Remote IPSec - Restricting Access

nathan.deane
Level 1

Hi,

I am designing a network which is to incorporate an IPSec remote access solution utilising the Cisco VPN clients and a PIX 501.

One of the clients needs to be restricted to only one subnet at the site with the PIX. Is there a way to restrict access to this subnet on the PIX?

My main questions in this area are:

1 - he has no static IP configured on his home DSL, so this may change

2 - out of the pool of private IPs sitting on the firewall, there is no guarantee he will get the same private IP all the time

Any help is appreciated.

Regards

Nathan

1 Reply

sachinraja
Level 9

Hi Nathan,

Since he will get dynamic IPs, you cannot control it based on IP address. Anyway, you can do the following:

1) Assign a separate group, only for this user. Give access to the subnet on this group, which is required by the user, using appropriate nat 0 and ACL statements.

2) User authentication is global, so he can have his own username and password.

Here is an example. Say the username is nathan and the password is password:

username nathan password password
vpngroup abcvpn address-pool vpnpool
vpngroup abcvpn split-tunnel 100
vpngroup abcvpn idle-time 1800
vpngroup abcvpn password ********
ip local pool vpnpool 10.1.1.1-10.1.1.1
access-list 100 permit ip host 192.168.180.2 host 10.1.1.1
nat (inside) 0 access-list 100

You can have the other users on some other group and give appropriate access on that group.

If you have an ACS group, you can just have a group and manipulate the access on a per-user basis.

Hope this helps. Rate replies if found useful.

Raj
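The following is an added PIX 6.x configuration example (not part of the original post or the reply above) that carries the reply's idea through for the case the question actually asks about: a separate vpngroup whose single-address pool pins the user to one address, with the split-tunnel and nat 0 ACLs written for a whole subnet rather than a single host. All names and addresses are assumptions: the restricted subnet is taken to be 192.168.180.0/24, the group is called nathanvpn, the pool nathan_pool, the crypto map is assumed to already exist as mymap on the outside interface, and the two passwords are placeholders. Lines beginning with "!" are comments for the reader, not commands to paste. It also adds the enforcement step the reply does not mention: the split-tunnel ACL only tells the client what to send down the tunnel, and nat 0 only exempts that traffic from NAT, so neither stops a client that sends traffic for other inside subnets anyway. On PIX 6.x, "sysopt connection permit-ipsec" makes decrypted traffic bypass the outside interface ACL, so the restriction is only enforced on the firewall if that sysopt is removed and the outside ACL permits each pool address only to its allowed subnet.

```text
! --- Per-user credentials (Xauth against the local database) ---
! "LOCAL" is the PIX's built-in local aaa-server; mymap is the assumed
! name of the existing crypto map bound to the outside interface.
username nathan password <his-xauth-password>
crypto map mymap client authentication LOCAL
crypto map mymap client configuration address respond

! --- One-address pool: this user always receives 10.1.1.1 ---
! Give every other group its own, non-overlapping pool range.
ip local pool nathan_pool 10.1.1.1-10.1.1.1

! --- Split-tunnel ACL for this group only ---
! Source = the inside subnet he may reach, destination = his pool address.
! Using the /24 instead of a single host tunnels the whole allowed subnet.
access-list nathan_split permit ip 192.168.180.0 255.255.255.0 host 10.1.1.1

! --- NAT exemption ---
! Only one ACL can be attached to nat 0, so it collects the entries for
! every group; the other groups' subnet/pool pairs go here as well.
access-list nonat permit ip 192.168.180.0 255.255.255.0 host 10.1.1.1
nat (inside) 0 access-list nonat

! --- The group this user alone is placed in ---
! The group password is the pre-shared key configured in the VPN client;
! the username/password above is what he types at the Xauth prompt.
vpngroup nathanvpn address-pool nathan_pool
vpngroup nathanvpn split-tunnel nathan_split
vpngroup nathanvpn idle-time 1800
vpngroup nathanvpn password <group-preshared-key>

! --- Enforcement on the firewall ---
! Without this, a client could tunnel traffic to any inside subnet and the
! PIX would pass it: decrypted packets bypass the outside ACL while
! "sysopt connection permit-ipsec" is set.
no sysopt connection permit-ipsec
access-list outside_in permit ip host 10.1.1.1 192.168.180.0 255.255.255.0
! ... add one line per other pool address / allowed destination here ...
access-group outside_in in interface outside
```

Because the pool holds exactly one address, the user's tunnel address is fixed even though his home DSL address is not, which is what makes the outside_in entry for host 10.1.1.1 meaningful. If any other group's pool overlaps 10.1.1.1, a different user could land on that address and inherit this access, so keep the pools disjoint.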