Is it possible to limit access to a particular server, i.e. a mail server? Do I do this by user, or can I create a group? Our authentication right now is through our NT domain. Can I use this, or do I have to create an internal group?
Re: Can I limit VPN access just to a certain server?
It would help if you told us what you're connecting to and what client you're using. I'm going to assume this is a VPN 3000 concentrator, going by some of your references to groups and authentication.
The easiest way to do this is to create a new group that only allows access to this one server, then put those particular users into that group. Limiting access can be done one of two ways. The easiest is to set up split tunneling for this group and include only that server's IP address in the network list. The other, more standard, way is to create a filter that only allows access to that server, then apply the filter to this new group.
Setting up filters to block tunnelled traffic from accessing internal hosts on a VPN 3000 concentrator
Allow access to 10.1.1.2 and block everything else:
To block access to everything except 10.1.1.2, create a rule that is Inbound / Forward, Source of Anything, Destination of 10.1.1.2 / 0.0.0.0. Create another rule; it can be left at the defaults, which are Inbound / Drop, Source of Anything, Destination of Anything. Create a filter with a default action of Forward and add both new rules to it, making sure the rule that allows access to host 10.1.1.2 is ABOVE the default rule that drops everything else. Rules are evaluated top to bottom and the first match wins, so if the drop rule sits above the forward rule, traffic to 10.1.1.2 is dropped too.
Block access to 10.1.1.2 and allow everything else:
To allow access to everything except 10.1.1.2, create a rule that says Inbound / Drop, Source of Anything, Destination of 10.1.1.2 / 0.0.0.0. Create a filter whose default action is Forward and add the rule to that filter.
- The mask in a rule is a wildcard mask (a 0 bit must match, a 1 bit is "don't care"), so 0.0.0.0 matches exactly one host. You can allow or block whole subnets simply by changing your address/mask combination to something like 10.1.1.0/0.0.0.255, which matches every host in 10.1.1.0/24.
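Because the effect of these filters depends entirely on wildcard-mask matching and rule order, it is worth being able to check a rule set before applying it to a group. The following is an added example, not the concentrator's own code or anything from the original post: a small Python model of first-match filter evaluation with VPN 3000-style wildcard masks. It assumes "Anything" is represented as address 0.0.0.0 with wildcard mask 255.255.255.255, ignores the protocol and port fields a real rule also carries, and uses constructed sample addresses (192.168.50.10 as a VPN client, 10.1.1.2 and 10.1.1.3 as internal hosts).

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Wildcard-mask semantics as on the VPN 3000 concentrator:
# a 0 bit in the mask must match, a 1 bit is "don't care".
def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (n & care)

# Assumption: "Anything" in the GUI corresponds to 0.0.0.0 / 255.255.255.255.
ANY = ("0.0.0.0", "255.255.255.255")

@dataclass
class Rule:
    name: str
    action: str                    # "forward" or "drop"
    src: tuple[str, str]           # (address, wildcard mask)
    dst: tuple[str, str]

@dataclass
class Filter:
    rules: list[Rule]              # evaluated top to bottom, first match wins
    default_action: str            # applied when no rule matches

    def evaluate(self, src: str, dst: str) -> tuple[str, str]:
        """Return (action, rule name) for a packet from src to dst."""
        for r in self.rules:
            if wildcard_match(src, *r.src) and wildcard_match(dst, *r.dst):
                return r.action, r.name
        return self.default_action, "default"

HOST = ("10.1.1.2", "0.0.0.0")          # exactly one host
SUBNET = ("10.1.1.0", "0.0.0.255")      # every host in 10.1.1.0/24

allow_host = Rule("allow-mail", "forward", ANY, HOST)
drop_all = Rule("drop-rest", "drop", ANY, ANY)
drop_host = Rule("block-mail", "drop", ANY, HOST)

# "Allow access to 10.1.1.2 and block everything else": forward rule ABOVE the drop rule.
def build_allow_only_filter() -> Filter:
    return Filter([allow_host, drop_all], default_action="forward")

# The same two rules in the wrong order: the catch-all drop shadows the forward rule.
def build_misordered_filter() -> Filter:
    return Filter([drop_all, allow_host], default_action="forward")

# "Block access to 10.1.1.2 and allow everything else": one drop rule, default forward.
def build_block_only_filter() -> Filter:
    return Filter([drop_host], default_action="forward")

# Subnet variant: allow the whole 10.1.1.0/24, drop everything else.
def build_allow_subnet_filter() -> Filter:
    return Filter([Rule("allow-lan", "forward", ANY, SUBNET), drop_all], "forward")

if __name__ == "__main__":
    client = "192.168.50.10"
    for label, f in [("allow-only", build_allow_only_filter()),
                     ("misordered", build_misordered_filter()),
                     ("block-only", build_block_only_filter()),
                     ("allow-subnet", build_allow_subnet_filter())]:
        for dst in ("10.1.1.2", "10.1.1.3", "10.1.2.5"):
            print(f"{label:12} {client} -> {dst}: {f.evaluate(client, dst)}")
```

Running the script shows the ordering pitfall directly: the "misordered" filter drops traffic to 10.1.1.2 even though an explicit forward rule for that host exists, because the catch-all drop rule matched first.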