Implementing restrictions over VPN tunnel

network_a
Level 1

Hi all,

I have created a VPN tunnel. My internal IP address is from the 172 range and the remote end IP address is from the 192 range. Now I would like to configure this VPN tunnel in such a way that when any IP address from the 192 range is accessing servers in the 172 range, they can access them only on port number 8060. Remote end configuration is out of my scope, so I have to do something at my end only. Kindly suggest.

1 Reply

lalmohammad
Level 1

Hi,

For this you need to create two access lists, one for outgoing and the other for incoming.

1. access-list VPN extended permit tcp 172.x.x.x 255.x.x.x 192.x.x.x 255.x.x.x eq 8060

2. access-list vpn extended permit tcp 192.x.x.x 255.x.x.x 172.x.x.x 255.x.x.x eq 8060

you need to apply on the

nat (inside) 0 access-list VPN.

thanks & Regards,

Lal
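
An added example, not part of the reply above and not taken from any vendor document: assuming the device is a Cisco ASA (the `nat (inside) 0` syntax in the thread suggests one) with an existing site-to-site tunnel, one way to enforce the port restriction at the local end only is a VPN filter attached to the tunnel's group policy. The ACL name, group-policy name, peer address and both networks are constructed placeholders.

```cisco
! Added example. All names and addresses are constructed placeholders:
!   local servers  : 172.16.10.0/24
!   remote site    : 192.168.20.0/24
!   remote peer    : 203.0.113.10 (tunnel-group assumed to exist already)
!
! 1. Filter ACL. In a vpn-filter ACL the REMOTE network is written in the
!    source position and the LOCAL network in the destination position.
!    "eq 8060" after the destination restricts the local server port.
access-list VPN-FILTER extended permit tcp 192.168.20.0 255.255.255.0 172.16.10.0 255.255.255.0 eq 8060
!
!    Anything else would hit the implicit deny; an explicit entry makes
!    dropped traffic visible in the hit counters.
access-list VPN-FILTER extended deny ip any any
!
! 2. Group policy that carries the filter.
group-policy SITE-B-POLICY internal
group-policy SITE-B-POLICY attributes
 vpn-filter value VPN-FILTER
!
! 3. Bind the policy to the site-to-site tunnel.
tunnel-group 203.0.113.10 general-attributes
 default-group-policy SITE-B-POLICY
!
! 4. Check: hit counts should rise on the permit line for tcp/8060 only,
!    and on the deny line for every other attempt from the remote side.
! show access-list VPN-FILTER
```

The filter is picked up when the tunnel is next established, so an already-running tunnel has to be re-negotiated before the restriction applies. The filter is evaluated for traffic in both directions of the tunnel, so sessions initiated from the 172 side are also subject to it.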