PIX Firewall MAC address VPN IP address

Discussion in 'Cisco' started by Julian Dragut, Feb 7, 2006.

  1. Hi there,

    Would it be possible for a PIX 515e to have IP address reservation for the
    VPN users based on the MAC address of the remote user?

    Thank you,

    Julian Dragut
     
    Julian Dragut, Feb 7, 2006
    #1
    1. Advertisements

  2. In article <DwXFf.50831$>,
    Julian Dragut <> wrote:
    >Would it be possible for a PIX 515e to have IP address reservation for the
    >VPN users based on the MAC address of the remote user?


    Not in PIX 6.x, and I would think it unlikely in PIX 7.0.

    IPSec encapsulates content at the IP level, and the IP level
    does not include MAC addresses.

    If there is any way to get at the MAC address in PIX 6.x, it would have
    to be via RADIUS or TACACS+ -- I don't know what information is
    potentially available for them. It doesn't matter in PIX 6.x
    as RADIUS and TACACS+ cannot be used for IP selection in PIX 6.x.

    PIX 7.0 does not appear to support EAP or LEAP authentication.
    It does support LDAP; I don't know if LDAP carries the MAC as one
    of the attributes. I wouldn't -expect- IP addresses to be selectable
    that way anyhow.
     
    Walter Roberson, Feb 7, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.