Applying Access rules to Remote Access VPN

Unanswered Question

Hello all. I have just configured a new RA VPN Group. When connected, users are able to connect to any resources I have defined in Group Policy\Split Tunneling.

However, I would like to restrict this VPN Group to access just a few resources such as RDP on a few servers and ssh on a few switches. How do I accomplish this? I have tried putting some rules in the rulebase but they do not seem to be restricting this traffic.


praprama Wed, 09/15/2010 - 09:07

Hi Kevin,

We can use vpn-filters for this purpose:

For example, if your VPN pool is and inside network is to which you want to allow access only on TCP port 22, the access-list for VPN filter will be as below:

access-list VPN permit tcp eq ssh

This will then have to be specified under the group-policy as the vpn-filter. Let me know if this helps.
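
The vpn-filter approach from the reply above, written out for the RDP and SSH case in the question. This is an added example, not part of the original post: the ACL name, the group-policy name and every address are constructed placeholders.

```cisco
! Constructed values (assumptions, not from the thread):
!   VPN client pool        10.99.0.0/24
!   RDP servers            192.168.10.21, 192.168.10.22
!   Switch management net  192.168.20.0/28
!   Group policy name      RA-RESTRICTED (hypothetical)
!
! Decrypted VPN traffic bypasses interface ACLs while
! "sysopt connection permit-vpn" is enabled (the ASA default),
! so the restriction is expressed as a vpn-filter instead.
!
! In a vpn-filter ACL the remote (VPN client) side is always
! written in the source position.
access-list RA-RESTRICTED-FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.10.21 eq 3389
access-list RA-RESTRICTED-FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.10.22 eq 3389
access-list RA-RESTRICTED-FILTER extended permit tcp 10.99.0.0 255.255.255.0 192.168.20.0 255.255.255.240 eq ssh
! The implicit deny already drops everything else; the explicit
! entry only makes the drops visible in the hit counters.
access-list RA-RESTRICTED-FILTER extended deny ip any any
!
! Attach the ACL to the group policy used by the RA VPN group.
group-policy RA-RESTRICTED attributes
 vpn-filter value RA-RESTRICTED-FILTER
!
! Check the binding and watch the hit counts while testing.
show running-config group-policy RA-RESTRICTED
show access-list RA-RESTRICTED-FILTER
```

A session picks up its filter when it connects, so users who are already connected need to reconnect before the restriction applies. Keep this ACL dedicated to the vpn-filter rather than reusing one that is also bound to an interface.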



praprama Wed, 09/15/2010 - 09:31

Hi Kevin,

You can do the same using ASDM as well. On the ASDM, go to the group-policies section and select the group-policy you have specified for your remote access users. Then press "Edit". Once here, you should see an option saying VPN filter or IPv4Filter or something like that. You can click the "Manage" button there and then either use an existing ACL or create a new one as required.

I am not sure of the ASDM version you are using, so I don't know the exact terms, but the path should be the same irrespective of the ASDM version.

Hope this helps!



praprama Wed, 09/15/2010 - 17:21

Hey Kevin,

Glad that I could be of help. Please mark this as Answered if all is resolved.



