Restricting Remote Access VPN

shijomon scaria
Level 1

Hello,

How can I limit Remote Access VPN users to only a particular IP address in my inside network, say 10.10.10.1?

Thank you.

andrew.prince
Level 10

You have multiple options:

1) Write an ACL that is applied to the VPN client.

2) Allow them all access, and write an ACL to be applied to the outbound direction of your inside interface.

3) Write an ACL for that 1 device and configure it for split tunneling.

4) Assign a dynamic ACL upon connection (this requires an ACS)

HTH

You can also try using a vpn-filter which you apply to the group policy. hth

shijomon scaria
Level 1

Could you please give some examples to do the same...

Thank You.

If you have an ASA you can simply create a new ACL defining the single inside host to communicate to the network/pool used for the Client VPN users.

You can apply the vpn-filter to the group-policy; however, in doing so, all users using that group-policy will inherit that vpn-filter and be restricted to the traffic you have defined within the filter ACL.

If you wish to restrict access for a specific user, you can apply that same vpn-filter for that specific user within the user attributes. This filter would not affect connectivity for all of the users connecting to the same group-policy, only the user bound to the filter.

Thank you very much Jason, I will go for the first option, that will do magic for me...

Thanks to all who responded to my query...

Regards,

Shijo.

Hi,

I have configured Remote VPN on the outside interface for outside users. Now I want to allow only a few IPs to access the Remote VPN; what configuration is required for this? Please explain with an example if possible.
