cisco VPN client

ffati
Level 1

Hi,

I have a Cisco VPN Client and a PIX Firewall.

I want to know if there is any possibility to reject connections from those clients to a specified server,

thanks

1 Reply

dchen2
Level 1

When you configure the PIX, usually there is a new NAT pool associated with the incoming VPN users. You can use this access control list to restrict the VPN users' access. For example: the pool for the VPN users is 10.10.10.0/24 and the only server they can access is 192.168.10.1/32. The related commands will be:

access-list 101 permit ip host 192.168.10.1 10.10.10.0 255.255.255.0

nat (inside) 0 access-list 101

You can also relay the user authentication to an AAA server and create a dynamic access control list on a per-user/group basis.
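To make the reply's access-list semantics concrete, here is an added example (not from the thread and not Cisco code) that parses PIX-style `access-list <id> permit|deny ip <src> <dst>` lines and evaluates a source/destination pair against them the way the PIX does: top-down, first match wins, and anything unmatched falls to the implicit deny. It models only the access-list syntax, not how `nat (inside) 0` consumes the list, and it keeps the reply's orientation (written from the inside interface, so the inside server is the source and the VPN pool the destination). The second list, `access-list 102`, is a constructed counterpart showing the "deny one server, permit the rest" shape the original question asked about; its id and lines are assumptions.

```python
"""Parse and evaluate PIX-style extended ACL entries (added example, not from the thread).

Supported endpoint forms: "host A.B.C.D", "A.B.C.D M.M.M.M" (network + subnet mask,
PIX syntax, not an IOS wildcard mask) and "any".
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class AclEntry:
    acl_id: str
    action: str                     # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _parse_endpoint(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Return (network, index of the next token) for one endpoint starting at tokens[i]."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # network address followed by a dotted subnet mask
    return ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False), i + 2


def parse_acl_line(line: str) -> AclEntry:
    """Parse one 'access-list <id> permit|deny ip <src> <dst>' line."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError(f"unsupported ACL line: {line!r}")
    acl_id, action = tokens[1], tokens[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r} in {line!r}")
    src, i = _parse_endpoint(tokens, 4)
    dst, _ = _parse_endpoint(tokens, i)
    return AclEntry(acl_id, action, src, dst)


def evaluate(entries: List[AclEntry], src_ip: str, dst_ip: str) -> str:
    """First matching entry wins; no match means the implicit deny at the end of the list."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for e in entries:
        if s in e.src and d in e.dst:
            return e.action
    return "deny"


# The list from the reply: only the one server is reachable from the VPN pool.
ACL_101 = [parse_acl_line(
    "access-list 101 permit ip host 192.168.10.1 10.10.10.0 255.255.255.0")]

# Constructed counterpart (assumed id 102): block one server, allow everything else.
ACL_102 = [parse_acl_line(l) for l in (
    "access-list 102 deny ip host 192.168.10.1 10.10.10.0 255.255.255.0",
    "access-list 102 permit ip any 10.10.10.0 255.255.255.0",
)]

if __name__ == "__main__":
    for acl, name in ((ACL_101, "101"), (ACL_102, "102")):
        for server in ("192.168.10.1", "192.168.10.2"):
            print(f"acl {name}: {server} <-> 10.10.10.5 -> {evaluate(acl, server, '10.10.10.5')}")
```

Running it shows the two shapes side by side: with list 101 only 192.168.10.1 matches and every other server falls to the implicit deny, while list 102 denies exactly that server and permits the rest of the pool's traffic.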