Client Remote VPN with Restricted IP and Ports Access

Unanswered Question
Mar 18th, 2009

I hope someone can help me.

I think this might be a relatively easy answer but I am struggling to get this to work properly.

I have configured an IPSec VPN connection which the clients connect to.

When connected, they receive an IP Address of 192.168.6.x/24.

Once they receive this IP address they can then connect to any server on our 192.168.1.x/24 network via any service.

I now want all users connecting as 192.168.6.x/24 to be restricted to access on port 3389 only.

acomiskey Wed, 03/18/2009 - 06:19

What device? Assuming ASA/PIX 7...

Option 1...

no sysopt connection permit-ipsec or permit-vpn depending upon version

access-list outside_access_in extended permit tcp host eq 3389

access-group outside_access_in in interface outside

If you do it this way it will restrict any ipsec vpn you have set up and you will have to specifically permit any access in the outside acl.

Here's option 2.
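
An added illustration of option 1's side effect (not code from the thread): a small Python model of first-match ACL evaluation with the implicit deny. It assumes the sysopt bypass is disabled, so decrypted VPN traffic is checked against the outside ACL. The ACE's source and destination are the two subnets from the question, and the 10.20.0.0/24 site-to-site peer is a constructed value.

```python
import ipaddress

# Constructed ACL in ASA syntax; the subnets are the ones given in the question.
ACL = """\
access-list outside_access_in extended permit tcp 192.168.6.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 3389
"""

def parse_ace(line):
    """Parse only the form: access-list NAME extended ACTION PROTO SRC MASK DST MASK eq PORT."""
    t = line.split()
    if len(t) != 11 or t[0] != "access-list" or t[2] != "extended" or t[9] != "eq":
        raise ValueError(f"unsupported ACE form: {line!r}")
    if t[3] not in ("permit", "deny"):
        raise ValueError(f"unknown action: {t[3]!r}")
    return {
        "action": t[3],
        "proto": t[4],
        "src": ipaddress.ip_network(f"{t[5]}/{t[6]}"),  # netmask notation is accepted
        "dst": ipaddress.ip_network(f"{t[7]}/{t[8]}"),
        "port": int(t[10]),
    }

def evaluate(aces, proto, src, dst, port):
    """First matching entry wins; anything unmatched falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in aces:
        if (ace["proto"] == proto and s in ace["src"]
                and d in ace["dst"] and ace["port"] == port):
            return ace["action"]
    return "deny"

def check_flows(acl_text=ACL):
    """Return the verdict for three constructed sample flows."""
    aces = [parse_ace(l) for l in acl_text.splitlines() if l.strip()]
    flows = {
        "vpn client RDP": ("tcp", "192.168.6.25", "192.168.1.10", 3389),
        "vpn client SMB": ("tcp", "192.168.6.25", "192.168.1.10", 445),
        # Constructed second tunnel: blocked until it gets its own permit entry.
        "site-to-site peer RDP": ("tcp", "10.20.0.5", "192.168.1.10", 3389),
    }
    return {name: evaluate(aces, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, verdict in check_flows().items():
        print(f"{verdict:6} {name}")
```

The model covers only the ACL decision; it does not represent NAT, routing or tunnel negotiation on the device.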

