My vendor wants to use client VPN to access my network but I want to limit them to access one IP 192.168.1.1 using port 443. What change do I need to made?
Here is the short version of config.
interface ethernet0
ip address 10.10.4.200 255.255.0.0
nameif outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
ip local pool testpool 192.168.0.10-192.168.0.15
username testuser password 12345678
crypto ipsec transform set FirstSet esp-3des esp-md5-hmac
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
address-pool testpool
tunnel-group testgroup ipsec-attributes
pre-shared-key xxx
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside