VPN Client

Unanswered Question
Dec 3rd, 2008

Hi,

Is it possible to permit or deny a VPN client's remote connection based on its source IP address? For example: if the VPN client that has to connect has x.x.x.x, I permit the connection, else deny the connection. That is, another authentication based on source IP address.

Best regards.

Massimiliano.

JORGE RODRIGUEZ Wed, 12/03/2008 - 05:04

Hi Massimiliano,

Sure, it is possible, but you could be faced with a problem: what if the RA VPN user tries to VPN in from a different place, like an internet cafe or another home?

Your best bet is to use digital certificates to really enforce that an RA VPN user connects using an authorized PC/laptop; you would have more control over who VPNs in.

You could use the ASA as a CA server

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc21f6e

or you could use a 3rd party for the CA

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008092d8f1.shtml

Rgds

Jorge
