Oh, in my experience all your IKE mode config clients would have to have the
same security policies. You would base your IPSEC lists on the IP address
assigned to them from the pool.
-----Original Message-----
From: Allen May [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 02, 2001 11:05 AM
To: Christopher Larson; [EMAIL PROTECTED]
Subject: Re: PIX VPN IP Pool
THATS what I meant to say ;) I was wondering how the damn pool worked and
how you'd be able to differentiate the ACLs by IP.
----- Original Message -----
From: "Christopher Larson" <[EMAIL PROTECTED]>
To: "'Allen May'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 02, 2001 6:45 AM
Subject: RE: PIX VPN IP Pool
> This should not interfere with your other VPN's. It will simply allow the
> Client to get an address from the pool. What I haven't figured out yet is
if
> there is a way to seperate IKE mode configed clients so that each group of
> clients would have a different security policy. They have to get all their
> addresses from the same pool, and there is no way to differentiate pools,
or
> sets of clients so it seems to me that when using IKE mode config that you
> can only do it for a set of clients that will share the same security
> policy.
>
>
> Have you or anyone seen any way to do this using IKE mode config?
>
>
>
>
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: Allen May [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 01, 2001 2:41 PM
> To: [EMAIL PROTECTED]
> Subject: PIX VPN IP Pool
>
>
> OK I get all the VPN stuff for IPSec. I have a working PIX-PIX VPN
working
> right now and am in the process of implementing CiscoSecure to PIX VPN. I
> haven't implemented it quite yet because I"m worried about a possible
> conflict here.
>
> Configuring IKE Mode Config parameters calls for the following:
> ip local pool (pool-name) ip-range
> isakmp cilent cnofiguration address-pool local (pool-name) outside
> crypto map (crypto-map-name) client configuration address initiate
>
> The first 2 lines have a common pool-name but have no places in there to
> match it to previous commands set up for the specific VPN. All others in
my
> config have some reference either by a name or a number in the command.
>
> The 3rd line also has no reference whatsoever to which VPN this should
> apply. There are no similar commands for the PIX-PIX vpn but I'm
wondering
> if this will somehow interfere or am I just being overly cautious here?
>
> Allen May
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
