ASA Remote Access VPN with ACLs

Apr 23rd, 2008

Hi, I'm trying to configure ACLs to restrict the network access for remote access users (L2TP/IPsec VPN).


I'm applying a vpn-filter to the group policy:


group-policy DfltGrpPolicy attributes
 wins-server value 192.168.128.19
 dns-server value 192.168.128.19
 vpn-filter value VPN


If I put a "permit ip any any" statement in the VPN filter I can connect correctly through the VPN connection. But if I delete the permit ip any any and limit the access to some servers and ports I can't establish the VPN connection, so it looks like this filter works before establishing the connection.

I can't see anything in the ASA log.

Some help?

What ACLs do I need? How can I restrict the network access?

Thanks

vkapoor5 Tue, 04/29/2008 - 05:51

This document describes the procedure to use the PIX/ASA to configure a VPN filter for L2L and remote access with the Cisco VPN Client.


Filters consist of rules that determine whether to allow or reject tunneled data packets that come through the security appliance, based on criteria such as source address, destination address, and protocol. You configure ACLs to permit or deny various types of traffic for this group policy. You can also configure this attribute in username mode, in which case the value configured under the username supersedes the group-policy value.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml
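The following ASA configuration is an added worked example that is not part of the original thread and not the poster's or Cisco's own configuration. It shows how a restrictive vpn-filter ACL for the remote-access case above is written: the ASA evaluates a vpn-filter against the decrypted traffic with the VPN client's assigned address as the source and the inside resource as the destination, and it permits the return flow of a matching ACE, so the ACEs are written from the remote user's point of view only. The address pool 192.168.200.0/24, the second host 192.168.128.20, and the names VPN_POOL, VPN_CLIENTS, L2TP_USERS are assumptions chosen for the example; 192.168.128.19 is the WINS/DNS server from the original post. The filter is attached to a dedicated group policy instead of DfltGrpPolicy so it only affects the L2TP/IPsec users, and a verification block follows the configuration.

```cisco
! Added example, not the original poster's configuration.
! Assumed: clients get addresses from 192.168.200.0/24 (VPN_POOL).
ip local pool VPN_POOL 192.168.200.1-192.168.200.50 mask 255.255.255.0

object-group network VPN_CLIENTS
 network-object 192.168.200.0 255.255.255.0

! vpn-filter ACEs: source = VPN client address, destination = inside server.
! Only the services actually needed are permitted; everything else is dropped
! by the implicit deny at the end of the ACL.
access-list VPN remark DNS and WINS to 192.168.128.19 (server from the post)
access-list VPN extended permit udp object-group VPN_CLIENTS host 192.168.128.19 eq domain
access-list VPN extended permit tcp object-group VPN_CLIENTS host 192.168.128.19 eq domain
access-list VPN extended permit udp object-group VPN_CLIENTS host 192.168.128.19 eq netbios-ns
access-list VPN extended permit udp object-group VPN_CLIENTS host 192.168.128.19 eq netbios-dgm
access-list VPN extended permit tcp object-group VPN_CLIENTS host 192.168.128.19 eq 445
access-list VPN remark RDP to an assumed terminal server 192.168.128.20
access-list VPN extended permit tcp object-group VPN_CLIENTS host 192.168.128.20 eq 3389
access-list VPN remark ICMP echo for troubleshooting; reply is allowed as the return flow
access-list VPN extended permit icmp object-group VPN_CLIENTS 192.168.128.0 255.255.255.0 echo

! Dedicated group policy for the L2TP/IPsec users (assumed name L2TP_USERS).
group-policy L2TP_USERS internal
group-policy L2TP_USERS attributes
 vpn-tunnel-protocol l2tp-ipsec
 dns-server value 192.168.128.19
 wins-server value 192.168.128.19
 vpn-filter value VPN

! L2TP/IPsec clients land in DefaultRAGroup; hand them the pool and the policy.
tunnel-group DefaultRAGroup general-attributes
 address-pool VPN_POOL
 default-group-policy L2TP_USERS

! Verification after a client connects:
!   show vpn-sessiondb detail remote     -> session shows "Filter Name : VPN"
!   show access-list VPN                 -> hitcnt increases on the ACEs in use
!   show run group-policy L2TP_USERS     -> confirms the filter is attached
```

Two checks worth doing before narrowing the list further: `show vpn-sessiondb detail remote` confirms the session is actually governed by the policy carrying the filter (a session that picks up DfltGrpPolicy will not show the filter), and `show access-list VPN` shows which ACE each flow hits; a flow that hits nothing is dropped by the implicit deny, which is what a missing service looks like from the client side.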
