Remote VPN client allowed to specific protocol like RDP only

r.gayagoy (Level 1)

Hi, is it possible to allow or limit the VPN clients to a specific protocol like RDP to the allowed (internal) network? Most of the samples in Cisco allow IP protocol on the access-list from the internal network to the IP pool, which is then NATed as nat (0). I have tried to allow only the RDP protocol in this access-list and it's not working.

Thanks.


4 Replies

JORGE RODRIGUEZ (Level 10)

Sure you can, you can use per-user vpn filters.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

Regards

Jorge Rodriguez

Thanks George for this link, it's very helpful.

Is it possible on PIX version 6.3?

Regards

Accepted Solution

Hi Rizaldy, unfortunately vpn-filter is not possible in 6.x codes; this feature was introduced in code 7.x and above. You would have to upgrade to code 7.x or above.

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/tz.html#wp1281154

On the other hand, if you have a tunnel group already for VPN clients and you want to limit all of that tunnel group to only RDP and nothing else, you still can do it with your current code with an ACL: not the permit ip, but permit tcp with the TCP port number, source VPN network, destination host. But this strategy will apply to all RA users for that tunnel group, not too practical, as opposed to using vpn-filters per user, which allows more control over individual users on the same tunnel group without affecting others.

Regards

Jorge Rodriguez
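To illustrate the two options Jorge describes (a filter on the whole tunnel group versus a per-user vpn-filter), here is an added ASA/PIX 7.x-style configuration fragment; it is not from the original thread or the linked Cisco documents. The pool 10.10.10.0/24, the RDP host 192.168.50.20, the ACL, group-policy, tunnel-group and username names are all constructed for the example.

```text
! Constructed example: 10.10.10.0/24 is the remote-access address pool,
! 192.168.50.20 is the only host the clients may reach, and only on TCP/3389.
! A vpn-filter ACL is written with the VPN client as the source and the inside
! host/port as the destination; the firewall allows the matching return traffic.
! Anything not listed (DNS, ping, file shares, ...) is dropped by the implicit deny.
access-list RDP-ONLY extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.50.20 eq 3389

! Option 1: filter the whole tunnel group. Every user that lands in this
! tunnel group inherits the group policy and therefore the RDP-only filter.
group-policy RA-RDP-GP internal
group-policy RA-RDP-GP attributes
 vpn-filter value RDP-ONLY
tunnel-group RA-USERS general-attributes
 default-group-policy RA-RDP-GP

! Option 2: filter one locally defined user only. The user attribute
! overrides the group policy, so other users of the same tunnel group
! keep whatever the group policy (or no filter) gives them.
username rizaldy attributes
 vpn-filter value RDP-ONLY

! Verification after the client connects: the detail output of the session
! database shows which filter name is attached to the session.
show vpn-sessiondb detail remote
```

The same filter ACL can be reused by several group policies or users, so keep it narrow (one line per allowed host/port) and extend it deliberately rather than falling back to permit ip.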

Thanks George...