VPN Network restrictions

Unanswered Question
Sep 26th, 2007
User Badges:

My situation (I'm very new to Cisco and networking)

My company has some consultants who will be using the software VPN (not the SSL) to access our network through an ASA 5510.

I created a VPN for them and a group policy that hands out 192.168.12.xxx which is unique in our network.

I am trying to limit them to only 3 servers. So far I tried to set group policies, the VPN wizard, and even created an ACL in the ASA to limit 192.168.12.xxx to only the three server ip's but when I test it, it allows me to browse the entire network, we cant really use ACLs in the network to limit access and counting on AD to limit access isn't trusted enough.

Does the ASA 5510 have the ability to limit network access per each VPN group?

Is this a NAT rule maybe?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Thu, 09/27/2007 - 04:58
User Badges:
  • Green, 3000 points or more

Take a look at this document.


It explains how to create a vpn-filter acl which is assigned to the tunnel-group to restrict traffic.

Your other option is to write the access in your outside acl. But to do this you must remove sysopt connection permit-ipsec/vpn.

Let us know if you need any more help.

Please rate helpful posts.


This Discussion