Limit VPN Client to ASA from single site

Unanswered Question
Aug 12th, 2010

Hi folks,

so I've got a customer (custA) who wants to allow users of a customer of theirs (custB) to connect to custA's network via an ASA using Cisco VPN clients. I'm trying to secure it as much as possible. Can I somehow limit VPN Client connections to the ASA of custA from custB using the public IP of custB site?

The ASA has other LAN 2 LAN VPN sites that connect to it.

A LAN 2 LAN is not the preferred option here, specified by custA.

I have split tunneling to limit what IP's custB will connect to.

Via an ACL I have defined what ports and IP they connect to.

RSA will be used but in a couple of months time.

XAUTH is configured and using local usernames and passwords.

The public IP of custB is 2.2.2.2 (example for reference)

thanks

Dave

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
d.hodgson Thu, 08/12/2010 - 17:47

Hi Marcin,

thanks for your suggestions but that's not really what I'm after.

I'd like to deploy for a remote access VPN client something similar to VPN Peers for LAN 2 LAN's, is that possible using the Remote VPN clients site public IP address?

thanks

Dave

Marcin Latosiewicz Thu, 08/12/2010 - 23:39

Dave,

I don't believe there is an option like this since you land on dynamic crypto map most likely.

You would need to make a group-to-IP correlation at some point...

Sorry nothing rings a bell.

If it's only their headquarters that you would like to allow why not use L2L tunnel rather then remote access?

Seems like it's what you want anyway ;-)

Marcin

d.hodgson Thu, 08/19/2010 - 07:53

No worries. I thought it was worth asking the question.

Posted from my mobile device.

Actions

This Discussion