THATS what I meant to say ;) I was wondering how the damn pool worked and
how you'd be able to differentiate the ACLs by IP.
----- Original Message -----
From: "Christopher Larson" <[EMAIL PROTECTED]>
To: "'Allen May'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 02, 2001 6:45 AM
Subject: RE: PIX VPN IP Pool
> This should not interfere with your other VPN's. It will simply allow the
> Client to get an address from the pool. What I haven't figured out yet is
if
> there is a way to seperate IKE mode configed clients so that each group of
> clients would have a different security policy. They have to get all their
> addresses from the same pool, and there is no way to differentiate pools,
or
> sets of clients so it seems to me that when using IKE mode config that you
> can only do it for a set of clients that will share the same security
> policy.
>
>
> Have you or anyone seen any way to do this using IKE mode config?
>
>
>
>
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: Allen May [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 01, 2001 2:41 PM
> To: [EMAIL PROTECTED]
> Subject: PIX VPN IP Pool
>
>
> OK I get all the VPN stuff for IPSec. I have a working PIX-PIX VPN
working
> right now and am in the process of implementing CiscoSecure to PIX VPN. I
> haven't implemented it quite yet because I"m worried about a possible
> conflict here.
>
> Configuring IKE Mode Config parameters calls for the following:
> ip local pool (pool-name) ip-range
> isakmp cilent cnofiguration address-pool local (pool-name) outside
> crypto map (crypto-map-name) client configuration address initiate
>
> The first 2 lines have a common pool-name but have no places in there to
> match it to previous commands set up for the specific VPN. All others in
my
> config have some reference either by a name or a number in the command.
>
> The 3rd line also has no reference whatsoever to which VPN this should
> apply. There are no similar commands for the PIX-PIX vpn but I'm
wondering
> if this will somehow interfere or am I just being overly cautious here?
>
> Allen May
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
