Best way to allow a vpn profile only from one address

Unanswered Question
May 20th, 2009


This is a weird request as it flies in the face of the purpose of VPN clients but I have my reasons:

We don't like Split-T but we have a userbase on a customer site that require it. I have made a special profile for them but they tend to hand out the .pcf to others as well as using it from home, etc. So I want to tie this group policy to a single source address.

Termination device is a 5520 with 8.x

Can it be done in the crypto definition or do I need to use an ACL entry on the outside interface?

Many thanks in advance,


m.surtees Wed, 05/20/2009 - 17:14

Thanks jorgemcse,

A bit low on time to read that whole doco right now so I won't rate your post. But thanks anyway and it will be good to investigate using the ASA as a local CA server on top of my current issue.



