PIX Hardware Question

I have several VPN users on my PIX515.  Some are allowed to connect to the 192.168.10.x range and others only the 192.168.11.x range.

So my question is this, I have an access list set up for the 10 range that looks like this:

access-list 102 permit ip

BUT!  I want to add another user, and I don't want him to have access to the WHOLE 11 range, just one machine (i.e.  Am I correct in guessing that the only way to do this is to create a new access list along the lines of

access-list 103 permit ip host

and assign just him to it?   I was hoping it might be easier, but I can't think of another way to do it.

Thanks anyone!
batry_boy commented:
You could set up a split tunnel configuration for the one user that only tunnels traffic for the one IP address you want him to access.  For example:

access-list splitTunnelAcl permit ip any
vpngroup restricted_user split-tunnel splitTunnelAcl

Of course, you would also need the other "vpngroup" commands for this new VPN group, but you could copy your current values into statements for this new group.
Question has a verified solution.
