PPTP to 2 different LANs using VPDN groups

Status
Not open for further replies.

heyburt

Technical User
Jan 6, 2003
6
NZ
Hi

We run a shared PIX firewall for two customers and we require remote users for both customers to VPN to their respective LANs after 1. authenticating against a RADIUS server and 2. receiving an IP address from the respective group/company's pool. My question is how will the PIX know which VPDN group to use if all remote users come in on the Outside interface, i.e. how will it differentiate, or is this at all possible? Also, we are trying to do this using PPTP and not IPsec. Any info on these topics would be much appreciated. Can't find much on the subject at the moment.

Cheers.
 
You define the pool with the command: ip local pool <pool-name> <start-of-pool>-<end-of-pool>

Then you define your groups with the vpdn commands and specify which pool to use: vpdn group <group-name> client configuration address local <pool-name>

You need to configure all the vpdn commands.
 
I already have the groups configured with different pools and auth servers, but how do you configure the PPTP client (eg Win2K) so that it uses the preferred vpdn group?
 
You need two different groups of people to authenticate on one PIX and then each group needs to have access to their respective network, correct?

If this is correct you can assign a separate IP pool to each group, then use an access list to limit each pool to only access their respective network.

Hope this helps.
 
HI.

I would use static to map a registered ip address to the internal MS server of each client, then permit PPTP and GRE to each server, and handle VPN at each customer server and not at the pix.

In that way you get 2 things:
1) Eliminate the problem of managing complex 2 VPN scenario at the pix.
2) Let each network manage its own VPN.

Bye
Yizhar Hurwitz
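
The approach described in the post above, as an added example that is not part of the original thread: a PIX 6.x-style configuration fragment that publishes each customer's own PPTP server through a one-to-one static and permits only PPTP control (TCP 1723) and GRE to it. All addresses, the ACL name acl_outside and the assumption that both servers sit behind the interface named inside are constructed for illustration.

```cisco
: Constructed example values (documentation address ranges, hypothetical names)
:   Customer A PPTP server: 10.1.1.10 published as 192.0.2.10
:   Customer B PPTP server: 10.2.2.10 published as 192.0.2.20

: One-to-one static translation per customer server
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.20 10.2.2.10 netmask 255.255.255.255 0 0

: Permit only the PPTP control channel and the GRE tunnel to each server
access-list acl_outside permit tcp any host 192.0.2.10 eq 1723
access-list acl_outside permit gre any host 192.0.2.10
access-list acl_outside permit tcp any host 192.0.2.20 eq 1723
access-list acl_outside permit gre any host 192.0.2.20

: Apply the ACL to traffic arriving on the outside interface
access-group acl_outside in interface outside
```

With this layout the PIX terminates no PPTP sessions itself, so no vpdn group configuration is involved; authentication and address assignment happen on each customer's server.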
 
To clarify the problem:

- Two separate groups of users require access to different resources behind the PIX.
- The two groups need to have different IP pools (so they can be restricted to specified services using access-list) and they need to be authenticated using different servers (i.e. 2 separate RADIUS servers).

This can be done on the PIX using vpdn groups - configure 2 groups, each with a different authentication server and IP pool.
Configuring the PPTP client is easy, but how do you specify which group the client will use when the connection is initiated, i.e. how does the PIX know which group to assign to the client?
 