Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP Clients accessing Router using VPN.

I have a VPN connections coming into the Cisco 1605 router. But the remote VPN client is using any ISP and the VPN clients have the DHCP address of the ISP. And different ISP have different Ip addresses. Therefore the IP addresses coming into my cisco 1605 router is DHCP. And not static, so I have to use

[permit ip any any] in the access list because VPN clients could be coming from anywhere. But I have to do this because VPN clients could be coming from any IP addresses. But using the command [permit ip any any] is unsafe as anyone who knows the ip address of the router wan port could get in. Is there any way to set up the cisco router so that only certain DHCP vpn clients can get in???????????? If these vpn clients were static it would be dammed easy.

New Member

Re: DHCP Clients accessing Router using VPN.

Make sure you are using a strong identification scheme to avoid problems. The secure-ID tokens are strongly recommended.

New Member

Re: DHCP Clients accessing Router using VPN.

'Permit ip any any' is scary. Set up advanced access lists for all interfaces defining specific servers and protocols to be accessible, and deny every thing else. If there are a limited number of ISP's put a permit statement for each one, allowing the their pool networks. Not very tight but does help. Define who can access the router it self with an access list on vty 0 4. Consider buying IOS Firewall or a standalone firewall. I hope these are helpful.


CreatePlease to create content