Cisco Pix 501 Firewall - assigning static IP to vpn client

I have a PIX 501 firewall at location A. At location B (miles away), I am using a Cisco VPN client to connect to that firewall.

In the PDM software, I have assigned a pool of IP addresses to give to each VPN client connecting to it. My pool is to

There's also a location C that might access location A through VPN. I need to have the PIX assign a static IP to each of these locations A and B by knowing their MAC addresses. Is there a way I can do that?

You need to have more than just a 501 PIX to do that because you have lots of devices in between and it is hard for the small 501 PIX to know the MAC address of those devices. But let me ask you this:
Why do you need to do that?

Hope this helps.

alateos (Author) commented:
I need to have computer B access a file from computer C through the VPN. Therefore I don't want the IP to change every time computer B, C, D, or E connects.

Network communications will not allow you to do that. From any source to destination, the IP address of source and destination remains the same but the MAC addresses change to that of the intermediate communication infrastructure. So say the network is like this:

PIX-------Router1-------------Router2---------Router3------------Router4---------VPN Client.

Where all the routers are on the Internet. When the VPN client initiates traffic, all these routers pass the traffic up to the PIX *ON BEHALF* of the VPN client, so the MAC address will be changing from hop to hop. So finally when the request reaches the PIX, the MAC address will be that of Router1 and not that of the VPN client. So it won't be possible for you to do.


I reread your request again and I think if computers A or B or C or even D are in the same logical grouping or domain, you should be able to exchange files without any trouble.

If PC B or C or D or A are on the same domain...
They should share files if you have a share once the tunnel is up....
Hope this helps

The easiest way to achieve what you want is to just create a different VPN group for each location. Then assign a different pool of addresses to each group. Then set up your ACLs to allow each group to access different internal servers.
Easy peezy.
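
The per-location group, pool and ACL approach from the last answer, sketched as PIX 6.x configuration. This is an added example, not part of the original thread: the group names, pool ranges, inside subnet, server addresses, ACL names and keys are constructed placeholders, and it assumes the IKE policy and dynamic crypto map for the VPN client are already configured.

```cisco
: One small address pool per remote location (constructed ranges).
: A one-address pool would pin that location to a single IP, at the
: cost of allowing only one connected client per group.
ip local pool pool-loc-b 10.99.2.1-10.99.2.6
ip local pool pool-loc-c 10.99.3.1-10.99.3.6

: One VPN group per location, each bound to its own pool and its own
: pre-shared key (placeholders shown, use distinct strong keys).
vpngroup loc-b address-pool pool-loc-b
vpngroup loc-b password <PLACEHOLDER-KEY-B>
vpngroup loc-b idle-time 1800
vpngroup loc-c address-pool pool-loc-c
vpngroup loc-c password <PLACEHOLDER-KEY-C>
vpngroup loc-c idle-time 1800

: Exempt inside-to-pool traffic from NAT (inside subnet is assumed).
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.99.2.0 255.255.255.248
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.99.3.0 255.255.255.248
nat (inside) 0 access-list nonat

: With "sysopt connection permit-ipsec" enabled, decrypted VPN traffic
: bypasses interface ACLs, so per-group rules would have no effect.
: Disable it and filter decrypted traffic on the outside interface.
no sysopt connection permit-ipsec

: Location B may reach only file server 192.168.1.10 over SMB;
: location C may reach only 192.168.1.20 (server addresses assumed).
access-list outside_in permit tcp 10.99.2.0 255.255.255.248 host 192.168.1.10 eq 445
access-list outside_in permit tcp 10.99.3.0 255.255.255.248 host 192.168.1.20 eq 445
access-list outside_in deny ip 10.99.2.0 255.255.255.248 any
access-list outside_in deny ip 10.99.3.0 255.255.255.248 any
access-group outside_in in interface outside
```

If an ACL is already applied to the outside interface, add these entries to it instead of applying a second `access-group`, since only one inbound ACL can be bound per interface.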
