<div>
<div class="content wysiwyg-content">
I have several VPN users on my PIX515. &nbsp;Some are allowed to connect to the 192.168.10.x range and others only the 192.168.11.x range.<br />
<br />
So my question is this, I have an access list set up for the 10 range that looks like this:<br />
<br />
access-list 102 permit ip 192.168.11.0 255.255.255.0 192.168.2.0 255.255.255.0<br />
<br />
BUT! &nbsp;I want to add another user, and I don't want him to have access to the WHOLE 11 range, just one machine (i.e. 192.168.11.11). &nbsp;Am I correct in guessing that the only way to do this is to create a new access list along the lines of<br />
<br />
access-list 103 permit ip host 192.168.11.11 192.168.2.0 255.255.255.0<br />
<br />
and assign just him to it? &nbsp; I was hoping it might be easier, but I can't think of another way to do it.<br />
<br />
Thanks anyone!<br />

</div>
</div>


I have several VPN users on my PIX515.  Some are allowed to connect to the 192.168.10.x range and others only the 192.168.11.x range.

So my question is this, I have an access list set up for the 10 range that looks like this:

access-list 102 permit ip 192.168.11.0 255.255.255.0 192.168.2.0 255.255.255.0

BUT!  I want to add another user, and I don't want him to have access to the WHOLE 11 range, just one machine (i.e. 192.168.11.11).  Am I correct in guessing that the only way to do this is to create a new access list along the lines of

access-list 103 permit ip host 192.168.11.11 192.168.2.0 255.255.255.0

and assign just him to it?   I was hoping it might be easier, but I can't think of another way to do it.

Thanks anyone!


PIX Hardware Question

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.