Community Member

Restricting Remote Access VPN

Hello,

How can I limit Remote Access VPN users to only a particular IP address in my inside network, say 10.10.10.1?

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: Restricting Remote Access VPN

If you have an ASA you can simply create a new ACL defining the single inside host to communicate to the network/pool used for the Client VPN users.

You can apply the vpn-filter to the group-policy; however, doing so means all users using that group-policy will inherit that vpn-filter and be restricted to the traffic you have defined within the filter ACL.

If you wish to restrict access for a specific user, you can apply that same vpn-filter for that specific user within the user attributes. This filter would not affect connectivity for all of the users connecting to the same group-policy, only the user bound to the filter.
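The vpn-filter approach described in this answer, written out as ASA configuration. This is an added example, not posted by anyone in the thread; the client pool 192.168.50.0/24, the ACL name RA-VPN-FILTER, the existing group-policy RA-VPN-GP and the user contractor1 are assumed names, and only the inside host 10.10.10.1 comes from the question.

```cisco
! Assumed values (not from the thread): VPN client pool 192.168.50.0/24,
! ACL name RA-VPN-FILTER, existing group-policy RA-VPN-GP, user contractor1.
! 10.10.10.1 is the inside host named in the question.
!
! In a vpn-filter ACL the remote side (the VPN client pool) is always
! written as the source and the local inside host as the destination.
access-list RA-VPN-FILTER extended permit ip 192.168.50.0 255.255.255.0 host 10.10.10.1
! Explicit deny so blocked attempts appear as hit counts
! (the implicit deny at the end of the ACL would drop them anyway).
access-list RA-VPN-FILTER extended deny ip any any
!
! Option A: every user who lands on this group-policy is restricted.
group-policy RA-VPN-GP attributes
 vpn-filter value RA-VPN-FILTER
!
! Option B: only this user is restricted; other users on the same
! group-policy keep their existing access.
username contractor1 attributes
 vpn-filter value RA-VPN-FILTER
!
! Verify: hit counts on the permit and deny entries.
show access-list RA-VPN-FILTER
```

Use Option A or Option B, not both, depending on whether the restriction is meant for the whole group or a single account.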

7 REPLIES

Re: Restricting Remote Access VPN

You have multiple options:

1) Write an ACL that is applied to the VPN client.

2) Allow them all access, and write an ACL to be applied to the outbound direction of your inside interface.

3) Write an ACL for that 1 device and configure it for split tunneling.

4) Assign a dynamic ACL upon connection (this requires an ACS).

HTH

Community Member

Re: Restricting Remote Access VPN

You can also try using a vpn-filter which you apply to the group policy. HTH

Community Member

Re: Restricting Remote Access VPN

Could you please give some examples to do the same...

Thank You.

Community Member

Re: Restricting Remote Access VPN

Thank you very much Jason, I will go for the first option, that will do magic for me.

Thanks to all who responded to my query.

Regards,

Shijo.

Community Member

Re: Restricting Remote Access VPN

Hi,

I have configured Remote VPN on the outside interface for outside users. Now I want to allow only a few IPs to access the Remote VPN, so what configuration is required for this? Please explain with an example if possible.
