Can you create a limited client VPN access?

My vendor wants to use client VPN to access my network, but I want to limit them to accessing one IP, 192.168.1.1, using port 443. What change do I need to make?

Here is the short version of the config.

interface ethernet0
 ip address 10.10.4.200 255.255.0.0
 nameif outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
ip local pool testpool 192.168.0.10-192.168.0.15
username testuser password 12345678
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
 address-pool testpool
tunnel-group testgroup ipsec-attributes
 pre-shared-key xxx
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside


Re: Can you create a limited client VPN access?

You have to add to the nonat the segments that your provider can access, like this:

access-list nonat extended permit ip host 10.1.3.11 192.168.0.0 255.255.255.0

Or, if you use split tunnel, you can control it in this access list, like this:

access-list VPN_PROVEEDOR1_SPLIT extended permit ip host 10.1.3.11 192.168.0.0 255.255.255.0
split-tunnel-network-list value VPN_PROVEEDOR1_SPLIT

Or maybe you can use an access-list in your router gateway.
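The nonat and split-tunnel lists above decide what is exempt from NAT and what the client routes into the tunnel; they do not by themselves enforce a one-host, one-port limit on the firewall. The following is an added example (not the poster's or the replier's configuration) of enforcing that limit on the ASA/PIX with a vpn-filter ACL attached to a group policy. The names VENDOR_FILTER and VENDOR_GP are assumed; the pool 192.168.0.0/24, the tunnel group testgroup and the target 192.168.1.1:443 come from the thread.

```cisco
! Added example; VENDOR_FILTER and VENDOR_GP are assumed names.
! A vpn-filter ACL is written with the VPN client address as the source
! and the inside resource as the destination; the ASA applies it to both
! directions of the tunnel, and the implicit deny drops everything else.
access-list VENDOR_FILTER extended permit tcp 192.168.0.0 255.255.255.0 host 192.168.1.1 eq 443

group-policy VENDOR_GP internal
group-policy VENDOR_GP attributes
 vpn-filter value VENDOR_FILTER

! Bind the group policy to the tunnel group the vendor connects to.
tunnel-group testgroup general-attributes
 default-group-policy VENDOR_GP
```

The filter is enforced regardless of the split-tunnel list, so the vendor still cannot reach other inside hosts even with a broader split-tunnel ACL. After the vendor connects, `show access-list VENDOR_FILTER` shows hit counts on the permit line and confirms the policy is being applied.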
