VPN Client

Dec 3rd, 2008

Hi,

Is it possible to permit or deny a VPN client remote connection based on source IP address? For example: if the VPN Client that has to connect has x.x.x.x, I permit the connection, else I deny the connection. That is, another authentication based on source IP address.


Best regards.

Massimiliano.

Overall Rating: 4 (1 ratings)
JORGE RODRIGUEZ Wed, 12/03/2008 - 05:04

Hi Massimiliano,


Sure, it is possible, but you could be faced with a problem: what if the RA VPN user tries to VPN in from a different place, like those internet cafes, or other homes?


Your best bet is to use Digital Certificates to really enforce a source PC VPN user to RA using an authorized PC/laptop; you would have more control of who VPNs in.


You could use ASA as a CA server


http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc21f6e



or you could use a 3rd party for CA

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008092d8f1.shtml



Rgds

Jorge


massimiliano.se... Wed, 12/03/2008 - 05:22

Thank you Jorge for your response.


Best regards.

Massimiliano.
