Multiple PPTP Group Policies in PIX

Discussion in 'Cisco' started by Irving, Nov 26, 2004.

  1. Irving

    Irving Guest

    We are currently using PIX 506 with VPN support to allow PPTP to
    connect and everything is working very well (insert "Kiss of Death"
    here).

    We are now trying to seperate different VPN groups. For example, we
    have a sales group that we would like to use the IP Address pool
    "sales-pool". Where as developers would use "Dev-pool", etc.

    We have created the various pools and we can connect successfully with
    the new usernames but we find that we always get an IP Address in the
    main group.

    How do you associate a username with a group?

    Thanks in advance,
    Irving
     
    Irving, Nov 26, 2004
    #1
    1. Advertisements

  2. :We are currently using PIX 506 with VPN support to allow PPTP to
    :connect and everything is working very well (insert "Kiss of Death"
    :here).

    :We are now trying to seperate different VPN groups. For example, we
    :have a sales group that we would like to use the IP Address pool
    :"sales-pool". Where as developers would use "Dev-pool", etc.

    :We have created the various pools and we can connect successfully with
    :the new usernames but we find that we always get an IP Address in the
    :main group.

    :How do you associate a username with a group?

    You just -might- be able to do it by using

    vpdn group GROUPNAME localname USERNAME in conjunction with
    vpdn gorup GROUPNAME client configuration address local POOLNAME

    But I don't really expect that to work.


    I would suggest not using PPTP and instead using the Cisco VPN client
    and giving each of the groups a different groupname. The local pool
    chosen for a vpngroup can be dependant on the group.

    If the remote users are using XP then you could (as I recall) also use
    IPSec.
     
    Walter Roberson, Nov 26, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.