Stateful Access from LAN to all IPSEC VPN Clients ASA5520

Unanswered Question
Nov 20th, 2009

ASA5520 Cisco IPSEC VPN Client using DAP


I want to have access to all connected VPN Clients from the inside LAN. The access should only be available if it is initiated from the inside LAN.

Example Application: mstsc

The VPN Client should only be able to access restricted hosts on the inside LAN. This is done by ACL within the DAP.

At the moment I have to open all destination hosts/ports in the DAP ACL of the VPN Client which I want to make reachable from the inside LAN.

I think there must be a way to define:

All VPN Clients can be reached from the inside LAN.

All VPN Clients can only reach defined hosts at the inside LAN.

Does anyone have an idea how I can configure this?



There are a couple of ways I can think of to achieve this:

For VPN client access to inside hosts-

1) Write an ACL that is applied on the inside interface outbound restricting access

2) Write an ACL and apply it to the VPN Client Firewall

For Inside access to VPN Client-

1) Write an ACL that is applied on the inside interface inbound restricting access

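The split the answer above describes, written out as ASA CLI. This is an added example, not configuration from the original post or from Cisco's documentation for this thread. The addressing is assumed: inside LAN 10.0.0.0/24 on interface "inside", VPN client pool 192.0.2.0/24, and 10.0.0.10 as the only inside host the clients may reach over RDP (TCP 3389). The IPsec tunnel group, the address pool and the NAT exemption for the pool are assumed to exist already. The client-side restriction is shown as a vpn-filter on a group policy; the same ACL can be attached as the network ACL of the DAP record instead.

```cisco
! Assumed addressing (not from the original post):
!   inside LAN       10.0.0.0/24    on interface "inside"
!   VPN client pool  192.0.2.0/24   addresses handed to IPsec clients
!   RDP target host  10.0.0.10      the only inside host clients may reach
object network INSIDE_LAN
 subnet 10.0.0.0 255.255.255.0
object network VPN_POOL
 subnet 192.0.2.0 255.255.255.0

! (a) Inside LAN -> VPN clients: interface ACL, inbound on "inside".
!     Only RDP sessions initiated from the LAN are permitted.
!     The ASA is stateful, so the client's replies are matched by the
!     connection entry; no ACE for the return direction is needed.
access-list INSIDE_IN extended permit tcp object INSIDE_LAN object VPN_POOL eq 3389
access-list INSIDE_IN extended deny ip any object VPN_POOL
access-list INSIDE_IN extended permit ip object INSIDE_LAN any
access-group INSIDE_IN in interface inside

! (b) VPN clients -> inside LAN: vpn-filter ACL on the group policy
!     (or the same ACL as the DAP network ACL). Written from the
!     client's point of view: source is the client pool.
access-list VPN_CLIENT_FILTER extended permit tcp object VPN_POOL host 10.0.0.10 eq 3389
access-list VPN_CLIENT_FILTER extended deny ip any any
group-policy RA_POLICY internal
group-policy RA_POLICY attributes
 vpn-filter value VPN_CLIENT_FILTER

! Check: simulate an inside host (assumed 10.0.0.20) opening RDP to a
! connected client (assumed 192.0.2.5) and read which phase drops it.
packet-tracer input inside tcp 10.0.0.20 40000 192.0.2.5 3389
```

Before relying on this split, run the packet-tracer line for a connected client and look at the VPN-FILTER phase of the output. The ASA evaluates a vpn-filter (or DAP) ACL against tunnel traffic in both directions, with source and destination swapped for flows that start on the inside, so an inside-initiated connection can still be dropped by the client-side ACL even though the interface ACL permits it. If packet-tracer shows that drop, the inside-to-client ports have to be opened in the vpn-filter as well, which is the situation the original question describes.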

