07-28-2009 10:53 PM
Hi, is it possible to allow or limit the VPN clients to a specific protocol like RDP to the allowed network (internal)? Most of the samples from Cisco allow IP protocol on the access-list from the internal network to the IP pool, which is then NATed as nat (0). I have tried to allow only the RDP protocol in this access-list and it's not working.
Thanks.
07-29-2009 10:19 AM
Sure you can; you can use per-user VPN filters.
Regards
07-29-2009 02:58 PM
Thanks George for this link, it is very helpful.
Is it possible on PIX version 6.3?
Regards
07-29-2009 04:19 PM
Hi Rizaldy, unfortunately vpn-filter is not possible in 6.x code; this feature was introduced in code 7.x and above. You would have to upgrade to code 7.x or above.
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/tz.html#wp1281154
On the other hand, if you already have a tunnel group for VPN clients and you want to limit that whole tunnel group to only RDP and nothing else, you can still do it with your current code with an ACL: not the permit ip but permit tcp and the TCP port number, source VPN network, destination host. But this strategy will apply to all RA users for that tunnel group, which is not too practical, as opposed to using vpn-filters per user, which allows more control over individual users on the same tunnel group without affecting others.
Regards
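Added example, not part of the original thread: a sketch of the per-user and per-group `vpn-filter` approach described above for 7.x and later code. The addresses, ACL name, username and group-policy name are constructed for illustration, and the user and group policy are assumed to exist already.

```cisco
! Constructed values (assumptions, not from the thread):
!   VPN client pool  192.168.100.0/24
!   internal RDP host 10.1.1.10
!   ACL name RDP_ONLY, user vpnuser1, group policy RA_POLICY

! Broad form the question describes, shown only for contrast (commented out):
! all IP between the client pool and the internal network.
! access-list VPN_ALL extended permit ip 192.168.100.0 255.255.255.0 10.1.1.0 255.255.255.0

! Filter ACL: the VPN client pool goes in the source position and the
! internal host in the destination position. TCP 3389 is RDP.
! Anything not matched falls through to the ACL's implicit deny.
access-list RDP_ONLY extended permit tcp 192.168.100.0 255.255.255.0 host 10.1.1.10 eq 3389

! Per-user filter: only this user's sessions are restricted to RDP,
! other users on the same tunnel group are unaffected.
username vpnuser1 attributes
 vpn-filter value RDP_ONLY

! Alternative, per group policy: every user who inherits this policy
! is restricted to RDP.
group-policy RA_POLICY attributes
 vpn-filter value RDP_ONLY
```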
07-29-2009 09:17 PM
Thanks George...