Limit VPN Client to ASA from single site

Unanswered Question
Aug 12th, 2010

Hi folks,


So I've got a customer (custA) who wants to allow users of a customer of theirs (custB) to connect to custA's network via an ASA using Cisco VPN clients. I'm trying to secure it as much as possible. Can I somehow limit VPN Client connections to the ASA of custA from custB using the public IP of custB site?


The ASA has other LAN 2 LAN VPN sites that connect to it.

A LAN 2 LAN is not the preferred option here, specified by custA.

I have split tunneling to limit what IPs custB will connect to.

Via an ACL I have defined what ports and IP they connect to.

RSA will be used but in a couple of months time.

XAUTH is configured and using local usernames and passwords.

The public IP of custB is 2.2.2.2 (example for reference)


thanks

Dave

d.hodgson Thu, 08/12/2010 - 17:47

Hi Marcin,


Thanks for your suggestions but that's not really what I'm after.


I'd like to deploy for a remote access VPN client something similar to VPN Peers for LAN 2 LANs. Is that possible using the remote VPN client's site public IP address?


thanks

Dave

Marcin Latosiewicz Thu, 08/12/2010 - 23:39
User Badges: Cisco Employee

Dave,


I don't believe there is an option like this since you land on dynamic crypto map most likely.

You would need to make a group-to-IP correlation at some point...


Sorry nothing rings a bell.


If it's only their headquarters that you would like to allow, why not use an L2L tunnel rather than remote access?

Seems like it's what you want anyway ;-)


Marcin

d.hodgson Thu, 08/19/2010 - 07:53

No worries. I thought it was worth asking the question.

Posted from my mobile device.
