Limit VPN client connect to specific IP

We use the basic Cisco VPN Client for Windows for our employees to connect to our network. No issues with it.

We want to have one of our customers use it and when they connect to the router, allow it (via the PCF?) to connect to a single IP address. So, for example, customer A connects via the client to our router and he could only ping and/or connect to 10.10.10.50. Everything else is unavailable to him.

Is this possible with a PCF config file or would there need to be programming on the router or not possible at all?

Thanks,

Charles


passioncas
Level 1

Hi Charles,

It is possible with the help of an ACL. While defining the VPN client group, configure the ACL for the restricted access.

e.g.

crypto isakmp client configuration group <group-name>
 key ****
 pool <pool-name>
 acl 101
!
access-list 101 permit ip host 10.10.10.50 any

Hope to help

Rahul

If you have one user and they're listed on the ASA, you can go under their username attributes and set an acl using "vpn-filter value". This also restricts what they can get to.

HTH,

John


Thanks for the answers. To further this, my understanding is you can put an "!" on lines in a .pcf so that the user can't change the setting in the client software. But the user *could* go in and change the .pcf directly and re-import it.

If I need to send one of our customers the client and the .pcf to install and import, I guess they could undo any of the settings I set if they know how to edit the .pcf. Can I create a protected .pcf? How would I send a customer the client and settings to install and not have them be able to alter their config?

Thank you. This is all a first for me.

Charles
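
The ASA approach from John's reply, written out as an added example (not part of the original thread and not any poster's own configuration). It assumes an ASA headend; the ACL name, the username `customerA` and the client pool subnet 192.168.200.0/24 are constructed for illustration.

```cisco
! Added example; the ACL name, username and pool subnet are constructed.
! Assumes an ASA headend handing out client addresses from 192.168.200.0/24.

! Source = VPN client pool, destination = the one host the customer may reach.
access-list CUSTOMER-A-FILTER extended permit ip 192.168.200.0 255.255.255.0 host 10.10.10.50
! Explicit deny with logging so blocked attempts show up in syslog.
access-list CUSTOMER-A-FILTER extended deny ip any any log

! Bind the filter to the customer's local account.
username customerA attributes
 vpn-filter value CUSTOMER-A-FILTER

! Exec mode: check hit counts after the customer connects.
show access-list CUSTOMER-A-FILTER
```

Because the filter is applied on the ASA to the user's session, editing and re-importing the .pcf on the client does not change what that session can reach.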
