VPN to PIX 515 allowing only one host access

boschrexroth
Level 1

I have already set up on my PIX 515 a VPN connection that allows users to connect to our network via a Cisco VPN client to access network resources.

What I want to set up now is another VPN connection that external users can use but would only allow access to one host.

Ex. I would VPN in to my site but would only be allowed to access 10.1.1.1 on my network.

How can I do this? Do I need to set up another VPNGROUP and somehow set up an access list to only allow traffic to one host? Can someone help with the correct syntax for the PIX?

Thanks,

Scott


afakhan
Level 4

Hi,

Just configure another group on the PIX with a separate pool of IP addresses (subnet), and then configure an inbound ACL on the inside interface to restrict traffic for those users to one host.

Thx

Afaq

How do I create another VPNGROUP? I see how to set the options but not how to create it.

Thanks,

Scott

You'll currently have a bunch of "vpngroup " commands in your PIX; simply go into config mode and add more "vpngroup" commands but with a different groupname. The VPN client then uses this group name to connect to the PIX.

Another way to only allow access to one host for this PIX is to do split tunnelling on this group, and in the split tunnel ACL only define that one host.
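
The split-tunnel approach from the reply above, written out as an added example in PIX 6.x syntax (not configuration posted by anyone in this thread). The group name ONEHOST, the pool and ACL names, the 10.1.2.0/24 client subnet, and the existing NAT-exemption ACL name NONAT are all assumptions; only 10.1.1.1 comes from the question.

```cisco
: Constructed example for PIX 6.x. All names and the 10.1.2.0/24
: client subnet are placeholders; 10.1.1.1 is the host from the question.

: Dedicated address pool, handed out only to clients of the restricted group.
: Keeping it separate from the existing pool lets these users be told apart
: by source address in ACLs and logs.
ip local pool ONEHOST_POOL 10.1.2.1-10.1.2.50

: Split-tunnel ACL: the only protected destination is the single host.
: On the PIX the source is the inside resource, the destination the pool.
access-list ONEHOST_SPLIT permit ip host 10.1.1.1 10.1.2.0 255.255.255.0

: Exempt host-to-pool traffic from NAT. Add this entry to whichever ACL
: is already referenced by "nat (inside) 0 access-list ..." (assumed NONAT).
access-list NONAT permit ip host 10.1.1.1 10.1.2.0 255.255.255.0

: New group. Defining vpngroup commands under a new name creates the group;
: the VPN client connects with this group name and its own password.
vpngroup ONEHOST address-pool ONEHOST_POOL
vpngroup ONEHOST split-tunnel ONEHOST_SPLIT
vpngroup ONEHOST idle-time 1800
vpngroup ONEHOST password <group-preshared-key>
```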