Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
1
Replies

VPN Network restrictions

ucnsbstaff
Level 1
Level 1

‎09-26-2007 07:18 PM - edited ‎03-11-2019 04:17 AM

My situation (I'm very new to Cisco and networking)

My company has some consultants who will be using the software VPN (not the SSL) to access our network through an ASA 5510.

I created a VPN for them and a group policy that hands out 192.168.12.xxx which is unique in our network.

I am trying to limit them to only 3 servers. So far I tried to set group policies, the VPN wizard, and even created an ACL in the ASA to limit 192.168.12.xxx to only the three server ip's but when I test it, it allows me to browse the entire network, we cant really use ACLs in the network to limit access and counting on AD to limit access isn't trusted enough.

Does the ASA 5510 have the ability to limit network access per each VPN group?

Is this a NAT rule maybe?

Labels:
0 Helpful
1 Reply 1

acomiskey
Level 10
Level 10

‎09-27-2007 04:58 AM

Take a look at this document.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml

It explains how to create a vpn-filter acl which is assigned to the tunnel-group to restrict traffic.

Your other option is to write the access in your outside acl. But to do this you must remove sysopt connection permit-ipsec/vpn.

Let us know if you need any more help.

Please rate helpful posts.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card