Client Remote VPN with Restricted IP and Ports Access

Unanswered Question
Mar 18th, 2009

Hi,

I hope someone can help me.

I think this might be a relatively easy answer but I am struggling to get this to work properly.

I have configured an IPSec VPN connection which the clients connect to.

When connected, they receive an IP Address of 192.168.6.x/24.

Once they receive this IP address they can then connect to any server on our 192.168.1.x/24 network via any service.

I now want to restrict all users connecting as 192.168.6.x/24 so that they can only access 192.168.1.17 on port 3389.

Thanks

James

acomiskey Wed, 03/18/2009 - 06:19

What device? Assuming ASA/PIX 7...

Option 1...

no sysopt connection permit-ipsec or permit-vpn depending upon version

access-list outside_access_in extended permit tcp 192.168.6.0 255.255.255.0 host 192.168.1.17 eq 3389

access-group outside_access_in in interface outside

If you do it this way it will restrict any IPsec VPN you have set up, and you will have to specifically permit any access in the outside ACL.

Here's option 2.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml
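Option 1 written out as a complete, checkable ASA configuration fragment. This is an added example for illustration and is not part of acomiskey's reply or the linked Cisco document; it assumes an ASA running 7.x or later, an outside interface named "outside", the VPN pool 192.168.6.0/24 and the RDP host 192.168.1.17 from the question, and adds an explicit logged deny so that blocked attempts from VPN clients show up in syslog rather than silently disappearing. The object names are made up for the example.

```cisco
! Stop decrypted VPN traffic from bypassing the outside interface ACL.
! On older 7.0 images the keyword is permit-ipsec instead of permit-vpn.
no sysopt connection permit-vpn

! Named objects (hypothetical names) so the ACL reads clearly in "show run".
object network VPN_POOL
 subnet 192.168.6.0 255.255.255.0
object network RDP_HOST
 host 192.168.1.17

! Allow only RDP (TCP/3389) from the VPN pool to the single server.
access-list outside_access_in extended permit tcp object VPN_POOL object RDP_HOST eq 3389

! Explicitly deny and log everything else from the VPN pool. The ACL has an
! implicit deny anyway; the explicit entry exists so that attempts to reach
! other hosts or ports generate a syslog message (106023) you can alert on.
access-list outside_access_in extended deny ip object VPN_POOL any log

! Bind the ACL inbound on the outside interface.
access-group outside_access_in in interface outside
```

After applying it, `show access-list outside_access_in` displays per-entry hit counts: the permit line should increment when a client opens an RDP session, and the deny line should increment (and log) when a client tries anything else. Keep in mind the caveat from the reply above: once `sysopt connection permit-vpn` is disabled, every other IPsec tunnel terminating on this ASA is also subject to this ACL, so any traffic those tunnels need must be permitted here as well, above the deny entry.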
