Controlling Traffic

dhavaltandel
Level 1

Hello,

Netpros.

I have a Cisco VPN 3005 Concentrator with IOS 4.7 running.

I want to configure rules under Traffic Management, as I want to allow only 4 to 5 IP addresses and want to deny all the rest of the IP addresses.

How do I define that under Network List?

I tried with 0.0.0.0/255.255.255.255 but IOS is not accepting that.

Additionally, I want to ask: after denying all the networks other than the 4 to 5 IP addresses, will I be able to access the Internet or not?

Waiting for a positive reply.

Thanks,

Dhaval Tandel

3 Replies

Brandon Buffin
VIP Alumni

Dhaval,

For example, if you want to allow VPN traffic to the range 192.168.1.1 - 192.168.1.5, you could create a network list such as:

192.168.1.1/0.0.0.0

192.168.1.2/0.0.0.0

192.168.1.3/0.0.0.0

192.168.1.4/0.0.0.0

192.168.1.5/0.0.0.0

Then either configure this Network List as the local network in LAN to LAN configuration or in group configuration for remote access VPN connections. In group configuration, go to the Client Config tab. Enable Split Tunneling and specify the list you just created as the Split Tunneling Network List. With this configuration a remote VPN client can access 192.168.1.1 - 192.168.1.5 and still access the internet and other resources using their local LAN.

Hope this helps. If so, please rate the post.

Brandon

Hi,

Thanks for taking an interest.

I appreciate your answer, but this way I can configure 5 IP addresses to either deny or allow. Additionally, with this configuration I want no other IP to be able to access my VPN concentrator other than my configured IP addresses.

So I want to allow 5 IPs and deny all others,

as my VPN Concentrator is the gateway of my office LAN.

Thanks,

Dhaval

Dhaval,

If you want to only allow 5 addresses to access your concentrator to set up VPN sessions, you can go to Configuration -> Policy Management -> Traffic Management. Create a rule that allows only a given network list. Create a filter with a default action of Drop and assign the rule you created to the filter. Then assign the filter to your remote access group(s) using the General tab in group configuration.

If you want to limit the IP addresses that can access the administration interface of your concentrator, go to Administration -> Access Rights -> Access Control List and add the addresses that should be allowed access to manage the concentrator.

Hope this helps.

Brandon
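
The address/wildcard-mask notation and the default-Drop filter discussed in this thread, modelled as an added example that is not part of the original posts and is not Cisco code. It assumes a 0 bit in the mask means "must match" and a 1 bit means "ignore" (which is why 192.168.1.1/0.0.0.0 is a single host); the function names and the "forward"/"drop" strings are hypothetical.

```python
import ipaddress

# Network list from the first reply: five single hosts (wildcard mask 0.0.0.0).
ALLOWED = [f"192.168.1.{n}/0.0.0.0" for n in range(1, 6)]


def parse_entry(entry):
    """Split 'address/wildcard' into two 32-bit integers."""
    addr, wildcard = entry.strip().split("/")
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wildcard))


def entry_matches(entry, ip):
    """Compare only the bit positions where the wildcard mask is 0."""
    addr, wildcard = parse_entry(entry)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def filter_action(network_list, ip, default_action="drop"):
    """One allow rule bound to the network list; anything else gets the default."""
    if any(entry_matches(e, ip) for e in network_list):
        return "forward"
    return default_action


def audit(network_list):
    """Return (entry, address_count) for entries wider than one host, widest first."""
    findings = []
    for entry in network_list:
        _, wildcard = parse_entry(entry)
        count = 1 << bin(wildcard).count("1")  # each ignored bit doubles the range
        if count > 1:
            findings.append((entry, count))
    return sorted(findings, key=lambda f: -f[1])


if __name__ == "__main__":
    for ip in ("192.168.1.3", "192.168.1.6", "10.0.0.1"):  # constructed test addresses
        print(ip, filter_action(ALLOWED, ip))
    print(audit(ALLOWED + ["192.168.1.0/0.0.0.255"]))
```

Running `audit` over a list before binding it to a rule shows whether any entry is wider than intended, for example a subnet mask typed where a wildcard mask was expected.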