PIX Firewall MAC address VPN IP address

Hi there,

Would it be possible for a PIX 515e to have IP address reservation for the VPN users based on the MAC address of the remote user?

Thank you,

Julian Dragut

Reply to
Julian Dragut
Loading thread data ...

Not in PIX 6.x, and I would think it unlikely in PIX 7.0.

IPSec encapsulates content at the IP level, and the IP level does not include MAC addresses.

If there is any way to get at the MAC address in PIX 6.x, it would have to be via RADIUS or TACACS+ -- I don't know what information is potentially available for them. It doesn't matter in PIX 6.x as RADIUS and TACACS+ cannot be used for IP selection in PIX 6.x.

PIX 7.0 does not appear to support EAP or LEAP authentication. It does support LDAP; I don't know if LDAP carries the MAC as one of the attributes. I wouldn't -expect- IP addresses to be selectable that way anyhow.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.