10-29-2007 08:55 AM - edited 02-21-2020 03:20 PM
Hi,
Is there a way to limit vpn client sessions based on the application ports? For example, I would like to give access to a vendor to a specific internal server but his access needs to be limited to FTP only. I can define the server access using a VPN network list but I'm not sure how to restrict further by using the port numbers.
I'm ruling out the VPN Filters since they need to be applied physically to an interface, affecting other users whose access are based on IP addresses.
Thanks.
-Jim
11-02-2007 09:59 AM
You can configure an extended access list and specify the port range for each ip address. The following URL might help.
http://cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml#tab4
11-07-2007 12:34 PM
I curious to know how you limited the vendor to a specific internal server. I need to do the same.
11-07-2007 12:42 PM
I was wrong about using the filters. Filters can be applied to VPN groups to limit access down to the port level. The filters become complex when restrictions are numerous and the number of servers involved is large. Filters can not be applied to VPN users.
To answer your question of just limiting the access to a specific server, use split tunneling in conjunction with a network list. You include the internal server IP address in the network list.
-Jim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide