Remote VPN and ACL

Unanswered Question
Jan 21st, 2009

I am using a Cisco 1811, and have some users connecting via the Cisco remote VPN client. The problem is I am unable to restrict them. Even though I have blocked their access to only a single host, they are able to access other VLANs.

ip access-list extended vpn-client-work

permit ip host

permit tcp host eq 80

permit tcp host eq 8080

deny ip any

permit ip any any

####### ACL applied on FA1.1 (having ip address LAN

ip access-group vpn-client-work in

####### ACL applied on FA0 (Public Interface)

ip access-group vpn-client-work in


Firstly - I think you have applied the ACL in the wrong direction on fa1.1 - try applying "out"

Secondly - applying the ACL on FA0 will have no impact on the encrypted VPN traffic.

I would try something like:-

crypto isakmp client configuration group <>

acl xxx

access-list xxx permit ip host

access-list xxx permit tcp host eq 80

access-list xxx permit tcp host eq 8080

access-list xxx deny ip any
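An added model (not from this thread, and not Cisco's code) of the point made in the reply above: an inbound ACL on the public interface is matched against the ESP envelope travelling between the two public addresses, so entries written for the inner hosts only take effect when the ACL is evaluated against the decrypted packet. All addresses, the VPN pool and the ACL entries are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

ESP, TCP = 50, 6
PROTO_NUM = {"ip": None, "tcp": TCP, "esp": ESP}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None

@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp" or "esp"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int] = None

def _in_net(net: str, addr: str) -> bool:
    return net == "any" or ip_address(addr) in ip_network(net, strict=False)

def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto != "ip" and PROTO_NUM[ace.proto] != pkt.proto:
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    return _in_net(ace.src, pkt.src) and _in_net(ace.dst, pkt.dst)

def acl_decision(acl: List[Ace], pkt: Packet) -> str:
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"

# Constructed placeholders, not values from the thread.
VPN_POOL, WORK_HOST = "10.10.10.0/24", "192.168.1.10/32"
CLIENT_PUBLIC, ROUTER_PUBLIC = "198.51.100.7", "203.0.113.1"

# Shape of the questioner's ACL: two permits for the work host, a deny for
# the pool, then a final permit-any so the encrypted session itself passes.
VPN_CLIENT_WORK = [
    Ace("permit", "tcp", VPN_POOL, WORK_HOST, 80),
    Ace("permit", "tcp", VPN_POOL, WORK_HOST, 8080),
    Ace("deny", "ip", VPN_POOL, "any"),
    Ace("permit", "ip", "any", "any"),
]

def public_interface_decision(inner: Packet) -> str:
    """FA0 only sees the ESP envelope; the inner header is still encrypted."""
    return acl_decision(VPN_CLIENT_WORK, Packet(CLIENT_PUBLIC, ROUTER_PUBLIC, ESP))

def cleartext_decision(inner: Packet) -> str:
    """Same ACL evaluated after decryption, where the inner hosts are visible."""
    return acl_decision(VPN_CLIENT_WORK, inner)
```

Run `cleartext_decision` and `public_interface_decision` on the same inner packet to see that the host restrictions only apply on the decrypted path.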

