Restricting Remote Access VPN

Answered Question
Aug 21st, 2009

Hello,

How can I limit Remote Access VPN users only to a particular IP address in my inside network, say 10.10.10.1?


Thank you.


Overall Rating: 5 (2 ratings)

You have multiple options:


1) Write an ACL that is applied to the VPN client.

2) Allow them all access, and write an ACL to be applied to the outbound direction of your inside interface.

3) Write an ACL for that 1 device and configure it for split tunneling.

4) Assign a dynamic ACL upon connection (this requires an ACS).


HTH

kwillacey Fri, 08/21/2009 - 08:54

You can also try using a vpn-filter which you apply to the group policy. hth

Correct Answer
jason.espino Fri, 08/28/2009 - 23:45

If you have an ASA you can simply create a new ACL defining the single inside host to communicate to the network/pool used for the Client VPN users.


You can apply the vpn-filter to the group-policy; however, in doing so all users using that group-policy will inherit that vpn-filter and be restricted to the traffic you have defined within the filter ACL.


If you wish to restrict access for a specific user, you can apply that same vpn-filter for that specific user within the user attributes. This filter would not affect connectivity for all of the users connecting to the same group-policy, only the user bound to the filter.
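
The two placements described in the answer above, written out as an added example that is not part of the original thread. The client pool 192.168.50.0/24, the group-policy name RA-VPN-POLICY and the user alice are assumptions; 10.10.10.1 is the inside host from the question.

```cisco
! Added example; pool 192.168.50.0/24, RA-VPN-POLICY and alice are assumed names.
! In a vpn-filter ACL the VPN client addresses go in the source position
! and the inside host goes in the destination position.
access-list VPN-ONLY-HOST extended permit ip 192.168.50.0 255.255.255.0 host 10.10.10.1
! Anything not permitted above is dropped by the implicit deny at the end of the ACL.

! Option A: every user who lands on this group-policy inherits the filter.
group-policy RA-VPN-POLICY attributes
 vpn-filter value VPN-ONLY-HOST

! Option B: restrict one user only; other users of the same group-policy are unaffected.
username alice attributes
 vpn-filter value VPN-ONLY-HOST
```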

shijomon scaria Sat, 08/29/2009 - 00:25

Thank you very much Jason, I will go for the first option, that will do magic for me...


Thanks to all who responded to my query...


Regards,

Shijo.

ray_stone Mon, 08/31/2009 - 00:00

Hi,


I have configured Remote VPN on the outside interface for outside users. Now I want to allow only a few IPs to access the Remote VPN, so what configuration is required for this? Please explain with an example if possible.
