Access to one ip address

Status
Not open for further replies.

wturner80

IS-IT--Management
Nov 2, 2005
57
US
How do I restrict a VPN user/client to have access to only one internal ip address? Any help would be great.
 
wturner-

What type of VPN is it? Is it through the PIX? If so, is it IPSEC or PPTP?

After you answer those questions, I can help you accomplish what you are trying to do.

Frank
 
Frank,

The VPN is through a PIX v6.3(4) and I have several VPN users set up for remote access. When they authenticate I want them to have access to only one ip address on the network...is it possible?
Should I set up a new dhcp pool on the pix...assign the user to that pool and then multihome the server to reflect an ip address on the same subnet as the pix pool?

Thanks
 
wturner-

If you want only those few to have access to one IP address, then just change/create an access-list to permit access to that one IP address. Example..

Single IP on Inside: 172.16.1.1
VPN Pool: 192.168.0.1 - 192.168.0.10

access-list 100 permit ip host 172.16.1.1 192.168.0.0 255.255.255.0

access-list nonat permit ip host 172.16.1.1 192.168.0.0 255.255.255.0

Now of course if you have another set of VPN users that needs other access then create another VPN group with its own respective access-lists. Can you post your config for the VPN portion of your pix?

Frank
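
An added example, not part of the thread: a small Python check that parses `permit ip` entries in the form Frank posted and reports any entry that exposes more than the single inside host or matches more remote addresses than the VPN pool needs. The addresses are the thread's; `audit`, `smallest_cover` and the "smallest covering network" criterion are assumptions of this example.

```python
import ipaddress

# Addresses are the thread's example values; audit() is a hypothetical helper.
INSIDE_HOST = ipaddress.ip_network("172.16.1.1/32")
POOL = (ipaddress.ip_address("192.168.0.1"), ipaddress.ip_address("192.168.0.10"))

THREAD_ACL = [  # the two lines posted in the thread
    "access-list 100 permit ip host 172.16.1.1 192.168.0.0 255.255.255.0",
    "access-list nonat permit ip host 172.16.1.1 192.168.0.0 255.255.255.0",
]

def _spec(tokens):
    """Consume one PIX address spec: 'any', 'host A' or 'network mask'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def smallest_cover(pool):
    """Smallest single network containing both ends of the pool range."""
    net = ipaddress.ip_network(f"{pool[0]}/32")
    while pool[1] not in net:
        net = net.supernet()
    return net

def audit(acl_lines, inside_host=INSIDE_HOST, pool=POOL):
    """Return (acl_name, finding) pairs for 'permit ip' entries wider than intended."""
    findings, cover = [], smallest_cover(pool)
    for line in acl_lines:
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2:4] != ["permit", "ip"]:
            continue  # only the 'permit ip' form used in the thread is handled
        local, rest = _spec(t[4:])
        remote, _ = _spec(rest)
        if local != inside_host:
            findings.append((t[1], f"exposes {local}, not only {inside_host}"))
        if not (pool[0] in remote and pool[1] in remote):
            findings.append((t[1], f"{remote} does not cover the VPN pool"))
        elif remote.prefixlen < cover.prefixlen:
            findings.append((t[1], f"{remote} is wider than pool cover {cover}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(THREAD_ACL):
        print(f"{name}: {finding}")
```

Run against the thread's two lines, it reports that the 255.255.255.0 mask matches the whole 192.168.0.0/24 while the ten-address pool fits inside 192.168.0.0/28 (mask 255.255.255.240).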
 