Restricting VPN Flow with Concentrator

Unanswered Question
Apr 11th, 2006
Hi everyone,

I am trying to restrict what VPN connections have access to on our inside network. I have got it working for clients using the VPN Client software, using a mixture of Rules (source/destination addresses/port) and Filters (assign the appropriate filter to the group the user is a member of).

This works and I can lock down where the connecting clients get to go and also what ports/protocols can be used.

Is this the best way to achieve this?

Anyhow, the problem I am having is if I take this approach for a WebVPN Client. I am locking down to HTTP/HTTPS/DNS/RDP In/Out and for some reason when I apply the Filter to the group, the SSLVPN Client will no longer download. Is this the correct way to do this? Anyone know what's stopping the SSLVPN Client from downloading using this?

Am I right in that I don't need to add anything in the filter to allow HTTPS traffic from the External Interface on the Concentrator?

Thanks in advance

mchin345 Mon, 04/17/2006 - 07:59

VPN Client Blocking by Operating System and Type -

Adds the ability to restrict the different types of VPN clients (software client, router, VPN 3002, or Cisco PIX, for example) that are allowed to connect based on the type of client, operating system installed, and version of VPN client software.

Supports restricting or preventing access to noncompliant VPN clients.
