I have a PIX with some VPN clients configured, and it is working fine, but the crypto list permissions have total IP access. I need to implement permissions only to my server with a specific port, but if I do that, I lose the VPN clients' access.
That is my current configuration. The thing is, I need to implement two VPN groups: the first one has total access (172.20.1.0), and then I need the second one with limited access (172.25.1.0). I need that pool to access the server (192.168.1.1) only on port 1433.
The Cisco-recommended method to achieve this is to use split tunneling. This method will work, but it does introduce the risk of access between a user's local (potentially unsafe) network and your LAN whilst connected to the VPN.
You would need to configure your device similarly to this:
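As an added illustration of the two-group setup described in the question (this is example configuration, not the config the answerer posted, which is not on the page), the fragment below uses PIX 6.x `vpngroup` syntax, which the mention of "VPN groups" suggests. It assumes the inside LAN is 192.168.1.0/24 behind an interface named `inside`; the pool, access-list and group names are hypothetical and the pre-shared keys are placeholders. One caveat a practitioner should keep in mind: the split-tunnel list only tells the client which destinations to send into the tunnel, it does not stop a client from sending packets to other inside hosts. Port-level enforcement therefore belongs on the PIX itself, which is why the fragment disables `sysopt connection permit-ipsec` so that decrypted client traffic is checked against the outside interface ACL.

```cisco
! --- Address pools, one per group (hypothetical names) ---
ip local pool pool-full    172.20.1.1-172.20.1.254
ip local pool pool-limited 172.25.1.1-172.25.1.254

! --- Split-tunnel lists: source = local network the client should tunnel to,
!     destination = that group's pool. The full-access group learns the whole
!     inside LAN (192.168.1.0/24 assumed); the limited group learns only the
!     single server, so everything else stays on the user's local network. ---
access-list split-full    permit ip 192.168.1.0 255.255.255.0 172.20.1.0 255.255.255.0
access-list split-limited permit ip host 192.168.1.1 172.25.1.0 255.255.255.0

! --- Exempt traffic towards both pools from NAT ---
access-list nonat permit ip 192.168.1.0 255.255.255.0 172.20.1.0 255.255.255.0
access-list nonat permit ip 192.168.1.0 255.255.255.0 172.25.1.0 255.255.255.0
nat (inside) 0 access-list nonat

! --- Group 1: full access to the LAN ---
vpngroup full address-pool pool-full
vpngroup full split-tunnel split-full
vpngroup full idle-time 1800
vpngroup full password <preshared-key-1>

! --- Group 2: only the server, and the port is restricted below ---
vpngroup limited address-pool pool-limited
vpngroup limited split-tunnel split-limited
vpngroup limited idle-time 1800
vpngroup limited password <preshared-key-2>

! --- Enforcement. With permit-ipsec enabled the PIX bypasses the interface ACL
!     for decrypted IPsec traffic, so disable it and filter by pool address:
!     the 172.20.1.0/24 pool may reach the whole LAN, the 172.25.1.0/24 pool
!     may only reach 192.168.1.1 on TCP 1433 (SQL Server). ---
no sysopt connection permit-ipsec
access-list outside_in permit ip  172.20.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_in permit tcp 172.25.1.0 255.255.255.0 host 192.168.1.1 eq 1433
access-group outside_in in interface outside
```

Because the two groups draw addresses from different pools, the outside ACL can tell them apart by source address alone, which is what makes the per-group port restriction possible without touching the crypto ACL. Any existing `access-group` on the outside interface must be merged into `outside_in` before applying it, or inbound traffic that was previously allowed will be dropped.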