Limit VPN client connect to specific IP

Dec 22nd, 2008

We use the basic Cisco VPN Client for Windows for our employees to connect to our network. No issues with it.

We want to have one of our customers use it and when they connect to the router, allow it (via the PCF?) to connect to a single IP address. So, for example, customer A connects via the client to our router and he could only ping and/or connect to 10.10.10.50. Everything else is unavailable to him.

Is this possible with a PCF config file or would there need to be programming on the router or not possible at all?

Thanks,

Charles

passioncas Tue, 12/23/2008 - 04:11

Hi Charles,

It is possible with the help of an ACL. While defining the VPN client group, configure the ACL for the restricted access.

e.g.

crypto isakmp client configuration group

key ****

pool

acl 101

access-list 101 permit ip host 10.10.10.50.

Hope to help

Rahul

John Blakley Tue, 12/23/2008 - 13:53

If you have one user and they're listed on the ASA, you can go under their username attributes and set an acl using "vpn-filter value". This also restricts what they can get to.

HTH,

John
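The per-user filter John describes, written out as an added example (not part of the original posts). The filter is applied on the ASA itself, independent of anything in the client's .pcf profile. The names CUSTOMER_A_FILTER and customerA and the client address range 192.168.200.0/24 are assumptions made up for illustration; only 10.10.10.50 comes from the thread.

```cisco
! Constructed example: ASA per-user VPN filter for a single customer account.
! Assumption: this customer's VPN clients are assigned addresses from
! 192.168.200.0/24 (made-up range; substitute the real client pool).

! In a vpn-filter ACL the remote (client) side is written as the source
! and the protected inside host as the destination.
access-list CUSTOMER_A_FILTER extended permit ip 192.168.200.0 255.255.255.0 host 10.10.10.50

! The implicit deny would already drop everything else; the explicit
! entry with "log" makes blocked attempts visible in syslog.
access-list CUSTOMER_A_FILTER extended deny ip any any log

! Attach the filter to the customer's local account on the ASA
! (customerA is a hypothetical username that already exists).
username customerA attributes
 vpn-filter value CUSTOMER_A_FILTER
```

After the customer connects and tests, `show access-list CUSTOMER_A_FILTER` shows per-entry hit counts, which confirms that traffic to 10.10.10.50 matches the permit line and everything else lands on the deny.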

charles_wooleve... Mon, 01/12/2009 - 10:51

Thanks for the answers. To further this, my understanding is you can put an "!" on lines in a .pcf so that the user can't change the setting in the client software. But the user *could* go in and change the .pcf directly and re-import it.

If I need to send one of our customers the client and the .pcf to install and import, I guess they could undo any of the settings I set if they know how to edit the .pcf. Can I create a protected .pcf? How would I send a customer the client and settings to install and not have them be able to alter their config?

Thank you. This is all a first for me.

Charles
