Cisco PIX 515, RAS and access control

Hi there,

I have a PIX 515 which currently has a RAS policy on it for remote administration of said PIX. Is it possible to add a second RAS policy for a third party, but this policy will be restricted so they can only access one internal device. I have tried adding a second RAS policy using the RAS wizard in PDM 3.0 - this seemed to be successful, no errors. When I connect using Cisco VPN client to the original remote administration group, it all works fine. When I connect to the new group, the client times out saying the peer is not responding and there is nothing in the debug crypto on the PIX.

Is there something I am missing? Is there a better way to define access control over RAS VPN tunnels for different users?

Any advice greatly appreciated.

regards

Chris Geary

Reply to
Chris Geary
Loading thread data ...

I think it would be better to assign them an internal IP (from the pool you have defined) then put an acl on the IP address...There are other ways to. What exactly do you mean by "RAS" are you using PPTP or IPSec?

Michael

Reply to
Michael Pelletier

Thanks Michael,

by RAS I mean the IPsec facility within PIX. How would I assign a user an ip address within the pool?

cheers

Chris

Reply to
chrisgeary

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.