02-03-2003 04:00 PM - edited 02-21-2020 12:19 PM
I have a remote vendor who only needs to connect to a specific system located on the DMZ segment that hangs off of a third interface on my PIX 515. Has anyone set up a VPN group to allow users to connect to the DMZ without allowing access into the inside segment?
02-05-2003 03:33 PM
Hi,
This should be possible if you specifically disallow client addresses to come through the inside interface.
Hope this helps,
Thanks and Regards,
Aamir Waheed,
Cisco Systems, Inc.
CCIE#8933
-=-=-=-
02-06-2003 06:58 AM
I am assuming that this vendor will be connecting with the Cisco client.
You can create a new IP pool that you assign specifically to the VPN group you set up for this user or users. Then in the access-list only allow access to the system on the DMZ.
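
A check for the approach in the last reply, as an added example that is not part of the thread: it reads PIX-style `access-list` lines and flags any permit entry that lets the vendor's pool reach a destination other than the one DMZ host. The pool range, host address, ACL name and sample lines are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration; none come from the thread.
VPN_POOL = ipaddress.ip_network("10.99.99.0/28")     # pool assigned to the vendor group
DMZ_HOST = ipaddress.ip_network("192.168.50.10/32")  # the one system the vendor needs

SAMPLE_ACL = """\
access-list vendor_vpn permit tcp 10.99.99.0 255.255.255.240 host 192.168.50.10 eq 22
access-list vendor_vpn permit ip 10.99.99.0 255.255.255.240 10.1.1.0 255.255.255.0
access-list vendor_vpn permit icmp any any
access-list vendor_vpn deny ip 10.99.99.0 255.255.255.240 any
"""

def parse_addr(tok, i):
    """Parse 'any', 'host A' or 'A MASK' at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2

def skip_port(tok, i):
    """Step over an optional source-port clause (eq/lt/gt/neq N, range N M)."""
    if i < len(tok) and tok[i] in ("eq", "lt", "gt", "neq"):
        return i + 2
    if i < len(tok) and tok[i] == "range":
        return i + 3
    return i

def audit(acl_text, pool=VPN_POOL, allowed=DMZ_HOST):
    """Return permit lines that let pool addresses reach anything but `allowed`."""
    findings = []
    for line in acl_text.splitlines():
        tok = line.split()
        # Only permit entries matter; deny and remark lines are skipped.
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "permit":
            continue
        src, i = parse_addr(tok, 4)
        dst, _ = parse_addr(tok, skip_port(tok, i))
        # A source of 'any' also covers the pool, so it is checked too.
        if src.overlaps(pool) and not dst.subnet_of(allowed):
            findings.append(line)
    return findings

if __name__ == "__main__":
    for hit in audit(SAMPLE_ACL):
        print("too broad:", hit)
```
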