Cisco Support Community
Community Member

Controlling Traffic



I have Cisco VPN 3005 Concentrator with IOS 4.7 running.

I wan to configure Rules under traffic management, as i wan to allow only 4 to 5 ip addresses and wans to deny rest of all the ip address.

How to define that under Network List....?

i tried with but IOS is not accepting that.

Additionaly i wan to ask that after denying all the network other than 4 to 5 ip address, can i able to access the Internet or not....?

Waiting for positive reply..


Dhaval Tandel

VIP Purple

Re: Controlling Traffic


For example, if you want to allow VPN traffic to the range -, you could create a network list such as:

Then either configure this Network List as the local network in LAN to LAN configuration or in group configuration for remote access VPN connections. In group configuration, go to the Client Config tab. Enable Split Tunneling and specify the list you just created as the Split Tunneling Network List. With this configuration a remote VPN client can access - and still access the internet and other resources using their local LAN.

Hope this helps. If so, please rate the post.


Community Member

Re: Controlling Traffic


Thanks for teking interest.

And i appriciate your answer, but by this way i can configure 5 ip address either deny or allow, additionaly with this configuration i want that no any other ip should access my VPN concentrator other than my configured ip address.

So i wan to allow 5 ip and deny all other...

as my VPN Concentrator is gateway of my office LAN.



VIP Purple

Re: Controlling Traffic


If you want to only allow 5 addresses to access your concentrator to setup VPN sessions, you can go to Configuration -> Policy Management -> Traffic Management. Create a rule that allows only a given network list. Create a filter with a default action of Drop and assign the rule you created to the filter. Then assign the filter to your remote access group(s) using the General tab in group configuration.

If you want to limit the IP addresses that can access the administration interface of your concentrator, go to Administration -> Access Rights -> Access Control List and add the addresses that should be allowed access to manager the concentrator.

Hope this helps.


CreatePlease to create content