PIX Firewall MAC address VPN IP address

- J
- Julian Dragut
  
  Contact options for registered users
posted
18 years ago

Tue, Feb 7, 2006 6:36 AM

Hi there,

Would it be possible for a PIX 515e to have IP address reservation for the VPN users based on the MAC address of the remote user?

Thank you,

Julian Dragut

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, Feb 7, 2006 7:57 AM

Not in PIX 6.x, and I would think it unlikely in PIX 7.0.

IPSec encapsulates content at the IP level, and the IP level does not include MAC addresses.

If there is any way to get at the MAC address in PIX 6.x, it would have to be via RADIUS or TACACS+ -- I don't know what information is potentially available for them. It doesn't matter in PIX 6.x as RADIUS and TACACS+ cannot be used for IP selection in PIX 6.x.

PIX 7.0 does not appear to support EAP or LEAP authentication. It does support LDAP; I don't know if LDAP carries the MAC as one of the attributes. I wouldn't -expect- IP addresses to be selectable that way anyhow.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.