Restrict RemoteAccess VPN to ASA 5520 v 7.2

Unanswered Question
May 29th, 2007

Hi to all,

I would like to know how I can restrict the hosts that can establish a Remote Access VPN with my ASA.

For example, I would like to allow some public IPs and deny all the others.

I have been looking in the manuals and on the web, but I haven't been able to find a solution.

Thanks and regards,

Fernando.

acomiskey Tue, 05/29/2007 - 07:06

Fernando,

If you want to restrict who can establish a vpn, look at the "sysopt connection permit-vpn" command. Disabling this will allow you to restrict access to particular addresses with interface access-lists.

If you are interested in filtering traffic after the session has been established, then you are looking for this...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml

networkingib Tue, 05/29/2007 - 09:50

Hi acomiskey,

First of all, thanks for your reply.

You said:

"If you want to restrict who can establish a vpn, look at the "sysopt connection permit-vpn" command. Disabling this will allow you to restrict access to particular addresses with interface access-lists."

I was looking for something similar to this, but to be applied to the object-group. I will go into more depth. I have two different groups for the VPN, one for management that would need to be filtered to allow only some public IPs and another VPN for office users that would be able to access from any public IP. So, if I used your solution, it would deny access for the office users.

Would it be possible to do it another way?

Kind Regards, Fernando.

Federico Coto F... Tue, 02/16/2010 - 15:47

Hi,

If you have an ACS, you can send attributes to the ASA to block IPsec tunnel attempts to the ASA based on profiles.

Federico.
