12-22-2008 10:50 AM
We use the basic Cisco VPN Client for Windows for our employees to connect to our network. No issues with it.
We want to have one of our customers use it and when they connect to the router, allow it (via the PCF?) to connect to a single IP address. So, for example, customer A connects via the client to our router and he could only ping and/or connect to 10.10.10.50. Everything else is unavailable to him.
Is this possible with a PCF config file or would there need to be programming on the router or not possible at all?
Thanks,
Charles
12-23-2008 04:11 AM
Hi Charles,
It is possible with the help of an ACL. While defining the VPN client group, configure the ACL for the restricted access.
e.g.
crypto isakmp client configuration group <group-name>
 key ****
 pool <pool-name>
 acl 101
access-list 101 permit ip host 10.10.10.50 <destination>
Hope to help
Rahul
12-23-2008 01:53 PM
If you have one user and they're listed on the ASA, you can go under their username attributes and set an acl using "vpn-filter value". This also restricts what they can get to.
HTH,
John
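Added example, not part of John's post: a sketch of the ASA per-user filter he describes, limiting one VPN user to 10.10.10.50. The ACL name, the username customerA and the client pool 192.168.50.0/24 are assumptions made up for illustration.

```cisco
! Constructed example: ACL name, username and pool range are placeholders.
! In a vpn-filter ACL the remote (VPN client) addresses are always written
! as the source and the local protected host as the destination.
access-list CUSTOMER_A_FILTER extended permit ip 192.168.50.0 255.255.255.0 host 10.10.10.50
! Everything not matched above falls through to the ACL's implicit deny.
!
username customerA attributes
 vpn-filter value CUSTOMER_A_FILTER
```

The filter is enforced on the ASA, not in the client profile, and it is applied when the session is established, so an already connected user has to reconnect before a change takes effect.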
01-12-2009 10:51 AM
Thanks for the answers. To further this, my understanding is you can put an "!" on lines in a .pcf so that the user can't change the setting in the client software. But the user *could* go in and change the .pcf directly and re-import it.
If I need to send one of our customers the client and the .pcf to install and import, I guess they could undo any of the settings I set if they know how to edit the .pcf. Can I create a protected .pcf? How would I send a customer the client and settings to install and not have them be able to alter their config?
Thank you. This is all a first for me.
Charles