Best way to allow a vpn profile only from one address

Unanswered Question
May 20th, 2009

Hi,


This is a wierd request as it flies in the face of the purpose of vpn clients but I ahve my reasons:


We don't like Split-T but we have a userbase on a customer site that require it. I have made a special profile for them but they tend to hand out the .pcf to others as well as using it from home, etc. So I want to tie this group policy to a single source address.


Termination device is a 5520 with 8.x


Can it be done in the crypto definition or do I need to use an ACL entry on the outside interface?


Many thanks in advance,

Mike

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
m.surtees Wed, 05/20/2009 - 17:14

Thanks jorgemcse,


A bit low on time to read that whole doco right now so I won't rate your post. But thanks anyway and it will be good to investigate using the ASA as a local CA server on top of my current issue.


Regards,

Mike



Actions

This Discussion