08-12-2010 01:42 AM
Hi folks,
so I've got a customer (custA) who wants to allow users of a customer of theirs (custB) to connect to custA's network via an ASA using Cisco VPN clients. I'm trying to secure it as much as possible. Can I somehow limit VPN Client connections to the ASA of custA from custB using the public IP of custB site?
The ASA has other LAN 2 LAN VPN sites that connect to it.
A LAN 2 LAN is not the preferred option here, specified by custA.
I have split tunneling to limit what IPs custB will connect to.
Via an ACL I have defined what ports and IPs they connect to.
RSA will be used, but in a couple of months' time.
XAUTH is configured and using local usernames and passwords.
The public IP of custB is 2.2.2.2 (example for reference)
thanks
Dave
08-12-2010 03:13 PM
Dave,
ASA provides the following option under group-policy:
vpn-simultaneous-logins - Enter maximum number of simultaneous logins
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1631556
Also from radius.
Is that something you were considering?
Marcin
08-12-2010 05:47 PM
Hi Marcin,
thanks for your suggestions but that's not really what I'm after.
I'd like to deploy for a remote access VPN client something similar to VPN peers for LAN 2 LANs. Is that possible using the remote VPN client site's public IP address?
thanks
Dave
08-12-2010 11:39 PM
Dave,
I don't believe there is an option like this, since you most likely land on a dynamic crypto map.
You would need to make a group-to-IP correlation at some point...
Sorry, nothing rings a bell.
If it's only their headquarters that you would like to allow, why not use an L2L tunnel rather than remote access?
Seems like it's what you want anyway ;-)
Marcin
08-19-2010 07:53 AM
No worries. I thought it was worth asking the question.