Greetings CISCO gurus,
I'll try to keep this as brief as possible. Currently we have a Win2K
server running Routing and Remote Access (RRAS) for a VPN solution for
our business. We have several outside vendors that connect to our VPN,
and have access to various machines on our network for FTP, telnet,
We are using Remote Access Policies and specifically the IP Packet
Filters to limit the IP addresses the vendors have access to when
connected to our network VPN. If we want to deny all traffic except
traffic to/from 10.1.1.5 to a particular vendor, we can do that.
My question: We got a CISCO PIX 515e firewall, which I understand has
some VPN capabilities. I know next to squat about CISCO, since I am
not the network administrator. However, I would like to know: Is it
possible with the 515e to do the same kind of setup as I have with
Microsoft RRAS? I'd like to be able to set up VPN groups, and be able
to restrict access on VPN connections to certain IP addresses on the
The network admin says this isn't possible with the 515e. He says
once the vendors are connected on the VPN, they become like regular
nodes on the internal network and you cannot packet filter traffic
between the VPN IP address pool and the internal addresses. He says
we need to buy a dedicated VPN solution to do what I want to do.
Anyone else know differently? If it can be done, are there online
resources you could point me to so I can show our network admin?