Re: pptp on pix

From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Fri Dec 01 2006 - 12:20:24 ART

• Next message: Marvin Greenlee: "Re: BGP Through PIX Question #1"
• Previous message: Victor Cappuccio: "RE: IP PIM NBMA-MODE"
• Maybe in reply to: Kal Han: "pptp on pix"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi.

You cannot do for PPTP something like "split-tunnel" as for Cisco VPN
clients. At least in 6.3 they don't have such a thing.

I don't know if RADIUS downloadable ACLs are valid here, have not tried
that myself. Or as per John's advise, limit PPTP pool to access certain
networks by ACL on inside interface.

A.

on 12/1/2006 4:23 AM Kal Han wrote:
> Hi
> After configuring pptp on pix, how can I allow clients to access only
> certain networks ?
>
> Should I not enable sysopt connection permit-pptp
> and use acls to handle ?
>
> The acl being permit from the pool address
> to whatever the "certain networks" are ?
>
> Or is there a way to set an acl for this purpose while configuring pptp ?
>
>
> Thanks
> Kal
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Marvin Greenlee: "Re: BGP Through PIX Question #1"
• Previous message: Victor Cappuccio: "RE: IP PIM NBMA-MODE"
• Maybe in reply to: Kal Han: "pptp on pix"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:36 ART