
Terminate VPN on PIX Third Interface

david
Level 1

I have a remote vendor who only needs to connect to a specific system located on the DMZ segment that hangs off of a third interface on my PIX 515. Has anyone set up a VPN group to allow users to connect to the DMZ without allowing access into the inside segment?

2 Replies

awaheed
Cisco Employee

Hi,

This should be possible if you specifically disallow client addresses to come through the inside interface.

Hope this helps,

Thanks and Regards,

Aamir Waheed,

Cisco Systems, Inc.

CCIE#8933

-=-=-=-

pdentico
Level 1

I am assuming that this vendor will be connecting with the Cisco client.

You can create a new IP pool that you assign specifically to the VPN group you set up for this user or users. Then in the access-list only allow access to the system on the DMZ.
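
The approach described in the replies above, sketched as a PIX 6.x configuration fragment. This is an added example, not part of any post in the thread; the pool, group and ACL names and every address are constructed, and it assumes the ISAKMP policy and dynamic crypto map for remote-access clients already exist on the outside interface.

```cisco
: Added example for PIX 6.x; all names and addresses below are constructed.
:   vendor-pool / vendor-grp   hypothetical pool and VPN group names
:   10.99.99.0/28              addresses handed to the vendor's VPN client
:   172.16.10.25               the one DMZ system the vendor may reach
:   outside_in                 assumed name of the ACL applied to the outside interface

: Dedicated address pool, used by this VPN group only
ip local pool vendor-pool 10.99.99.1-10.99.99.14

: VPN group for the vendor, bound to that pool
vpngroup vendor-grp address-pool vendor-pool
vpngroup vendor-grp password <group-pre-shared-key>

: Split tunnel: the client routes only the DMZ host through the tunnel.
: This is pushed to the client and is not an enforcement point by itself.
access-list vendor-split permit ip host 172.16.10.25 10.99.99.0 255.255.255.240
vpngroup vendor-grp split-tunnel vendor-split

: NAT exemption on the dmz interface only, so the pool sees the host's real address.
: Do not add the pool to any nat 0 access-list on the inside interface.
access-list dmz-nonat permit ip host 172.16.10.25 10.99.99.0 255.255.255.240
nat (dmz) 0 access-list dmz-nonat

: Make decrypted VPN traffic subject to the outside interface ACL ...
no sysopt connection permit-ipsec

: ... and permit the pool to reach the DMZ host only. Narrow "ip" to the
: protocol and port the vendor needs.
access-list outside_in permit ip 10.99.99.0 255.255.255.240 host 172.16.10.25
access-group outside_in in interface outside
```

Removing `sysopt connection permit-ipsec` applies to every tunnel terminating on the PIX, so any other VPN groups or site-to-site peers need their own permit entries in the outside ACL before this change is made.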