08-21-2009 03:04 AM - edited 03-11-2019 09:08 AM
Hello,
How can i limit Remote Access VPN users, only to a pariticular ip address in may inside network, say 10.10.10.1
Thank you.
Solved! Go to Solution.
08-28-2009 11:45 PM
If you have an ASA you can simply create a new ACL defining the single inside host to communicate to the network/pool used for the Client VPN users.
You can apply the vpn-filter to the group-policy however doing so all users using that group-policy will inherit that vpn-filter and be restricted to the traffic you have defined within the filter ACL.
If you wish to restrict access for a specific user you can apply that same vpn-filter for that specific user within the user attributes. This filter would not affect connectivity for all of the users connecting to the same group-policy only the user bound to the filter.
08-21-2009 03:48 AM
You have multiple options:-
1) Write an ACL that is applied to the VPN client.
2) Allow them all access - and write an acl to be applied to the outbound direction of your inside interface
3) Write an ACL for that 1 device and configure is for split tunneling.
4) Assign a dynamic ACL upon connection (this requires an ACS)
HTH>
08-21-2009 08:54 AM
You can also try using a vpn-filter which you apply to the group policy. hth
08-23-2009 09:01 PM
Could you please give some examples to do the same...
Thank You.
08-24-2009 12:43 AM
08-28-2009 11:45 PM
If you have an ASA you can simply create a new ACL defining the single inside host to communicate to the network/pool used for the Client VPN users.
You can apply the vpn-filter to the group-policy however doing so all users using that group-policy will inherit that vpn-filter and be restricted to the traffic you have defined within the filter ACL.
If you wish to restrict access for a specific user you can apply that same vpn-filter for that specific user within the user attributes. This filter would not affect connectivity for all of the users connecting to the same group-policy only the user bound to the filter.
08-29-2009 12:25 AM
Thank you very much jason, i will go for the first option, that will do magic for me..........
Thakns for all who responded on ma query...
Regards,
Shijo.
08-31-2009 12:00 AM
Hi,
I have configured Remote VPN on outside interface for outside users. Now I want to allow only few IP's to access the Remote VPN so for this, what configuration is required. Pls expain an example if possible.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: