• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 224

PIX Hardware Question

I have several VPN users on my PIX515.  Some are allowed to connect to the 192.168.10.x range and others only the 192.168.11.x range.

So my question is this, I have an access list set up for the 10 range that looks like this:

access-list 102 permit ip

BUT!  I want to add another user, and I don't want him to have access to the WHOLE 11 range, just one machine (i.e.  Am I correct in guessing that the only way to do this is to create a new access list along the lines of

access-list 103 permit ip host

and assign just him to it?   I was hoping it might be easier, but I can't think of another way to do it.

Thanks anyone!
1 Solution
You could set up a split tunnel configuration for the one user that only tunnels traffic for the one IP address you want him to access.  For example:

access-list splitTunnelAcl permit ip any
vpngroup restricted_user split-tunnel splitTunnelAcl

Of course, you would also need the other "vpngroup" commands for this new VPN group, but you could copy your current values into statements for this new group.
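As an added illustration (not part of the thread, and not the PIX's own code), here is a small Python checker that parses PIX 6.x-style access-list lines of the kind shown above and reports what each ACL actually permits, so you can confirm a split-tunnel ACL scopes the user to the one host and nothing else in the 192.168.11.x range. All addresses in the sample config are constructed, since the thread omits the real ones; the parser handles only "ip" entries with "any", "host", or "address netmask" forms.

```python
import ipaddress
import re

# "access-list <name> permit|deny ip <src> <dst>" (PIX 6.x style, ip entries only)
LINE_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+ip\s+(.+)$")

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D NETMASK'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{tok}/{tokens.pop(0)}", strict=False)

def parse_acls(config_text):
    """Return {acl_name: [(action, src_net, dst_net), ...]} in config order."""
    acls = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip vpngroup and other non-ACL lines
        name, action, rest = m.groups()
        tokens = rest.split()
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        acls.setdefault(name, []).append((action, src, dst))
    return acls

def acl_action(entries, src_ip, dst_ip):
    """First-match evaluation; every PIX ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def permitted_destinations(entries):
    """Destination networks the ACL permits (what a split-tunnel client tunnels)."""
    return {dst for action, _, dst in entries if action == "permit"}

# Constructed sample config; addresses are invented, the thread omits the real ones
SAMPLE_CONFIG = """
access-list 102 permit ip 192.168.10.0 255.255.255.0 any
access-list splitTunnelAcl permit ip any host 192.168.11.25
vpngroup restricted_user split-tunnel splitTunnelAcl
"""
```

Run parse_acls on your saved config and check that permitted_destinations for the restricted user's split-tunnel ACL contains only the single /32 you intended.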
