PIX Hardware Question
Posted on 2008-11-14
I have several VPN users on my PIX515. Some are allowed to connect to the 192.168.10.x range and others only the 192.168.11.x range.
So my question is this: I have an access list set up for the 10 range that looks like this:
access-list 102 permit ip 192.168.11.0 255.255.255.0 192.168.2.0 255.255.255.0
BUT! I want to add another user, and I don't want him to have access to the WHOLE 11 range, just one machine (i.e. 192.168.11.11). Am I correct in guessing that the only way to do this is to create a new access list along the lines of
access-list 103 permit ip host 192.168.11.11 192.168.2.0 255.255.255.0
and assign just him to it? I was hoping it might be easier, but I can't think of another way to do it.
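Added example, not part of the original post: a small Python evaluator that parses the two access-list lines quoted above and shows which inside hosts each list matches, using first-match semantics with the implicit deny at the end of a list. The client address 192.168.2.50 and the reading of 192.168.2.0/24 as the VPN client pool are assumptions; the function names are hypothetical.

```python
import ipaddress

# The two ACL lines quoted in the post (they use subnet masks, as written there).
ACL_LINES = """\
access-list 102 permit ip 192.168.11.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 103 permit ip host 192.168.11.11 192.168.2.0 255.255.255.0
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acls(text):
    """Return {acl_id: [(action, src_net, dst_net), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # this sketch handles only 'ip' entries
        acl_id, action, rest = tokens[1], tokens[2], tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        acls.setdefault(acl_id, []).append((action, src, dst))
    return acls

def evaluate(acls, acl_id, src, dst):
    """First matching entry wins; no match means the implicit deny applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acls.get(acl_id, []):
        if s in src_net and d in dst_net:
            return action
    return "deny"

if __name__ == "__main__":
    acls = parse_acls(ACL_LINES)
    client = "192.168.2.50"  # constructed address, assumed to be a VPN client
    for acl_id in ("102", "103"):
        for inside in ("192.168.11.11", "192.168.11.12", "192.168.10.5"):
            print(acl_id, inside, "->", client, evaluate(acls, acl_id, inside, client))
```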