Solved: Restrict user to 1 IP (Remote access PPTP)

amiralisetoudeh · ‎07-09-2008

Hi everyone,

I've setup remote access PPTP VPN on a 2801 router (running 12.4 advsecurity).

What I'm trying to do is restrict the VPN user to only one IP in the network. I'm having trouble finding out how to get that configured.

Here's my config:

aaa new-model

!

aaa authentication login default local

aaa authentication ppp default local

vpdn enable

!

vpdn-group PPTP

! Default PPTP VPDN group

accept-dialin

protocol pptp

virtual-template 1

!

interface Virtual-Template1

ip unnumbered Serial0/1/0

peer default ip address pool PPTP_Pool

no keepalive

ppp encrypt mppe auto

ppp authentication ms-chap ms-chap-v2

!

ip local pool PPTP_Pool 172.16.0.50 172.16.0.60

Connecting to the VPN works just fine. I just need to know how to restrict the user to be able to access one IP in the network.

Thanks in advance!!!!!!

singhsaju · ‎07-09-2008

Hi,

You can try using access list and bind it to inside interface (interface connected to your network) on the router as outbound.

HTH

Saju

singhsaju · ‎07-09-2008

Hi,

You can try using access list and bind it to inside interface (interface connected to your network) on the router as outbound.

HTH

Saju

amiralisetoudeh · ‎07-09-2008

Many thanks for the reply Saju. I assigned an access list to fa 0/0 and set the direction to 'out'.

It seems like it works... I just thought there might be a VPN related command that would perform the task.

Thanks again!