Cisco Support Community
New Member

DHCP clients accessing router using VPN.

I have VPN connections coming into the Cisco 1605 router. But the remote VPN clients are using any ISP, and the VPN clients have the DHCP address of the ISP. And different ISPs have different IP addresses. Therefore the IP addresses coming into my Cisco 1605 router are DHCP and not static, so I have to use [permit ip any any] in the access list because VPN clients could be coming from anywhere. But I have to do this because VPN clients could be coming from any IP address. But using the command [permit ip any any] is unsafe, as anyone who knows the IP address of the router WAN port could get in. Is there any way to set up the Cisco router so that only certain DHCP VPN clients can get in? If these VPN clients were static it would be damned easy.

1 REPLY
New Member

Re: DHCP clients accessing router using VPN.

If the 1605 is the VPN endpoint, you should not be permitting anything. The client connects to the "outside" interface. Client-based remote VPNs are not based on IP addresses. Instead, you use either a certificate or a shared key to authenticate to the router securely.

If you have a CCO account there are plenty of examples of how to do this.

http://www.cisco.com/warp/customer/707/index.shtml#ipsec
