On the isakmp key <key> address <ipsec peer> netmask <netmask> command I
don't see how to specify differently for VPN clients.  I have one key with
the IPSec peer on the PIX-PIX vpn using a /32 subnet but if I specify
0.0.0.0 netmask 0.0.0.0 for the VPN clients, won't this interfere?

----- Original Message -----
From: "Christopher Larson" <[EMAIL PROTECTED]>
To: "'Allen May'" <[EMAIL PROTECTED]>; "Christopher Larson"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 02, 2001 11:02 AM
Subject: RE: PIX VPN IP Pool


> Oh, in my experience all your IKE mode config clients would have to have the
> same security policies. You would base your IPSEC lists on the IP address
> assigned to them from the pool.
>
> -----Original Message-----
> From: Allen May [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 02, 2001 11:05 AM
> To: Christopher Larson; [EMAIL PROTECTED]
> Subject: Re: PIX VPN IP Pool
>
>
> THAT'S what I meant to say ;)  I was wondering how the damn pool worked and
> how you'd be able to differentiate the ACLs by IP.
>
> ----- Original Message -----
> From: "Christopher Larson" <[EMAIL PROTECTED]>
> To: "'Allen May'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, February 02, 2001 6:45 AM
> Subject: RE: PIX VPN IP Pool
>
>
> > This should not interfere with your other VPNs. It will simply allow the
> > Client to get an address from the pool. What I haven't figured out yet is if
> > there is a way to separate IKE mode configed clients so that each group of
> > clients would have a different security policy. They have to get all their
> > addresses from the same pool, and there is no way to differentiate pools, or
> > sets of clients so it seems to me that when using IKE mode config that you
> > can only do it for a set of clients that will share the same security
> > policy.
> >
> >
> > Have you or anyone seen any way to do this using IKE mode config?
> >
> > -----Original Message-----
> > From: Allen May [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 01, 2001 2:41 PM
> > To: [EMAIL PROTECTED]
> > Subject: PIX VPN IP Pool
> >
> >
> > OK I get all the VPN stuff for IPSec.  I have a working PIX-PIX VPN working
> > right now and am in the process of implementing CiscoSecure to PIX VPN.  I
> > haven't implemented it quite yet because I'm worried about a possible
> > conflict here.
> >
> > Configuring IKE Mode Config parameters calls for the following:
> > ip local pool (pool-name) ip-range
> > isakmp client configuration address-pool local (pool-name) outside
> > crypto map (crypto-map-name) client configuration address initiate
> >
> > The first 2 lines have a common pool-name but have no places in there to
> > match it to previous commands set up for the specific VPN.  All others in my
> > config have some reference either by a name or a number in the command.
> >
> > The 3rd line also has no reference whatsoever to which VPN this should
> > apply.  There are no similar commands for the PIX-PIX VPN but I'm wondering
> > if this will somehow interfere or am I just being overly cautious here?
> >
> > Allen May
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]