Cisco Support Community

Can you create a limited client VPN access?

My vendor wants to use client VPN to access my network, but I want to limit them to accessing one IP using port 443. What change do I need to make?

Here is the short version of the config.

interface ethernet0
ip address
nameif outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
ip local pool testpool
username testuser password 12345678
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
address-pool testpool
tunnel-group testgroup ipsec-attributes
pre-shared-key xxx
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside


Re: Can you create a limited client VPN access?

You have to add to the nonat the segments that your provider can access, like this.

access-list nonat extended permit ip host

Or, if you use split tunneling, you can control it in this access list, like this.

access-list VPN_PROVEEDOR1_SPLIT extended permit ip

split-tunnel-network-list value VPN_PROVEEDOR1_SPLIT

Or maybe you can use an access-list on your router gateway.
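As an added example (not from the original poster or the reply), here is how the vendor's tunnel can be pinned to one inside host on TCP/443 on an ASA of the posted config's era: it combines the reply's split-tunnel and nonat lists with a vpn-filter, which the reply does not mention and which is what actually enforces the port restriction. The server address 10.1.1.10, the pool 192.168.200.0/24 and the names VENDOR_GP, SPLIT_VENDOR and VENDOR_FILTER are constructed for this example, and the nat 0 form assumes pre-8.3 software like the posted config.

```text
! Constructed values: vendor-reachable server 10.1.1.10 on the inside,
! VPN address pool 192.168.200.0/24. Object names are made up for this example.
ip local pool testpool 192.168.200.1-192.168.200.50 mask 255.255.255.0

! Split tunnel: push only the route to the one server, so the vendor's
! other traffic never enters the tunnel. This limits routing, not access.
access-list SPLIT_VENDOR standard permit host 10.1.1.10

! NAT exemption for the tunnel (pre-8.3 "nat 0" form, matching the post).
access-list nonat extended permit ip host 10.1.1.10 192.168.200.0 255.255.255.0
nat (inside) 0 access-list nonat

! The actual restriction: a vpn-filter ACL. Source is the VPN client pool,
! destination the inside host; the implicit deny drops everything else.
! This is needed because "sysopt connection permit-vpn" (on by default)
! lets decrypted tunnel traffic bypass the interface ACLs.
access-list VENDOR_FILTER extended permit tcp 192.168.200.0 255.255.255.0 host 10.1.1.10 eq 443

! Bind both lists to a group policy and make it the tunnel-group default.
! (vpn-filter can also be set per user under "username testuser attributes".)
group-policy VENDOR_GP internal
group-policy VENDOR_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_VENDOR
 vpn-filter value VENDOR_FILTER

tunnel-group testgroup general-attributes
 address-pool testpool
 default-group-policy VENDOR_GP

! Verify: with the vendor connected, "show vpn-sessiondb remote" shows the
! session and its filter name; "show access-list VENDOR_FILTER" shows hit counts
! for 443 and nothing else getting through.
```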
