DHCP Clients accessing Router using VPN.

huytuan
Level 1

I have VPN connections coming into the Cisco 1605 router. But the remote VPN clients are using any ISP, and the VPN clients have the DHCP address of the ISP. And different ISPs have different IP addresses. Therefore the IP addresses coming into my Cisco 1605 router are DHCP, and not static, so I have to use [permit ip any any] in the access list because VPN clients could be coming from anywhere. But I have to do this because VPN clients could be coming from any IP address. But using the command [permit ip any any] is unsafe, as anyone who knows the IP address of the router WAN port could get in. Is there any way to set up the Cisco router so that only certain DHCP VPN clients can get in? If these VPN clients were static it would be damned easy.

2 Replies

rrbleeker
Level 1

Make sure you are using a strong identification scheme to avoid problems. The secure-ID tokens are strongly recommended.

rsnider
Level 1

'Permit ip any any' is scary. Set up advanced access lists for all interfaces defining specific servers and protocols to be accessible, and deny everything else. If there are a limited number of ISPs, put a permit statement for each one, allowing their pool networks. Not very tight, but does help. Define who can access the router itself with an access list on vty 0 4. Consider buying IOS Firewall or a standalone firewall. I hope these are helpful.

Ron
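
The layout described in the reply above, sketched as IOS configuration. This is an added example, not part of the thread: it assumes the VPN is IPsec (IKE on UDP 500 plus ESP), and every address, ACL number, port and interface name in it is a constructed placeholder.

```cisco
! Added example: all addresses, ACL numbers and interface names are assumptions.
!   192.0.2.1         router WAN address (documentation range)
!   198.51.100.0/24   ISP A client address pool (documentation range)
!   203.0.113.0/24    ISP B client address pool (documentation range)
!   10.1.1.0/24       inside LAN; 10.1.1.10 is the one server VPN users need
!
! WAN inbound: only IKE and ESP, only from the known ISP pools,
! and only to the router's own WAN address.
access-list 110 permit udp 198.51.100.0 0.0.0.255 host 192.0.2.1 eq isakmp
access-list 110 permit esp 198.51.100.0 0.0.0.255 host 192.0.2.1
access-list 110 permit udp 203.0.113.0 0.0.0.255 host 192.0.2.1 eq isakmp
access-list 110 permit esp 203.0.113.0 0.0.0.255 host 192.0.2.1
!
! Some IOS releases apply the inbound ACL a second time to the packet
! after decryption. If yours does, the decrypted traffic needs its own
! permit, kept to one server and one protocol (HTTPS assumed here).
access-list 110 permit tcp 198.51.100.0 0.0.0.255 host 10.1.1.10 eq 443
access-list 110 permit tcp 203.0.113.0 0.0.0.255 host 10.1.1.10 eq 443
!
! Everything else is dropped, and logged so probes show up in syslog.
access-list 110 deny ip any any log
!
interface Ethernet1
 ip access-group 110 in
!
! Access to the router itself: only the inside admin subnet may reach
! the vty lines. The implicit deny at the end of ACL 10 blocks the rest.
access-list 10 permit 10.1.1.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
```

The ISP-pool permits only narrow who can reach the IKE and ESP listeners; client authentication, as the first reply recommends, still decides who actually gets a tunnel.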