
Firewall settings on VPN Con 3005

Hi all,

I need to establish an IPSec VPN connection for remote users. Our setup is like this:

internet -> VPN Con 3005 -> Intranet.

Most of our servers are on the Intranet, but users don't need access to all of them. So I tried to restrict access to only one single server with a few TCP ports. Therefore I created a new group, allowed only IPSec and built a filter. The filter consists of a few rules (ping in- and outbound, tcp-port 3306 in/out and rdp port 3389 in/out). I attached the rules to the filter and the filter to the group (through general->filter and also through client fw->policy pushed cpp), but nothing worked. I can't ping or telnet to the given ports. The target server is on the same network as the vpn-clients, so routing is not the problem.

I've also tried to change the default filter (public) and added the rdp-port to this filter, but this doesn't work either.

Could someone please tell me how to restrict access to specific servers on specific ports if the vpn-client and the target servers are on the same subnet?

Currently we use Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.2.E Feb 08 2006 13:08:45 on a VPN Con 3005.


Re: Firewall settings on VPN Con 3005

Leave the public filter alone.

Create a new filter and remember that inbound means from the client and outbound means to the client. Apply that filter to the group.

Leave the CPP off for now. I think that would need a different filter because there inbound means to the client (opposite to filter applied to group).
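The direction point in the reply above is easy to get wrong, so here is an added illustration (not code from the thread or from Cisco) that models it: a small first-match filter evaluator with an implicit deny at the end, the poster's rule set (ping, tcp/3306, tcp/3389 in both directions, restricted to one server), and the same packets evaluated under the two vantage points the reply describes. Addresses, port numbers and the helper names are constructed assumptions; the only thing taken from the thread is that a group filter on the concentrator labels client-originated traffic "inbound" while a CPP policy on the client labels traffic arriving at the client "inbound".

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp" or "icmp"
    sport: Optional[int] = None   # None for icmp
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    direction: str                # "inbound" / "outbound" as seen by the filter's owner
    proto: str
    src: str                      # host address or "any"
    dst: str
    sport: Optional[int]          # None matches any port
    dport: Optional[int]
    action: str                   # "forward" or "drop"


# Constructed sample addresses (assumption, not from the thread).
CLIENT = "192.168.10.50"          # address the concentrator handed to a VPN client
SERVER = "192.168.10.20"          # the single server remote users may reach
OTHER = "192.168.10.21"           # another host on the same intranet subnet


def group_filter_direction(pkt: Packet) -> str:
    """Filter applied to the group on the concentrator: inbound = from the client."""
    return "inbound" if pkt.src == CLIENT else "outbound"


def cpp_direction(pkt: Packet) -> str:
    """CPP policy pushed to the client firewall: inbound = towards the client."""
    return "inbound" if pkt.dst == CLIENT else "outbound"


def _match(field: str, value: str) -> bool:
    return field == "any" or field == value


def _port_ok(rule_port: Optional[int], pkt_port: Optional[int]) -> bool:
    return rule_port is None or rule_port == pkt_port


def evaluate(rules: List[Rule], pkt: Packet,
             direction_of: Callable[[Packet], str]) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    d = direction_of(pkt)
    for r in rules:
        if (r.direction == d and r.proto == pkt.proto
                and _match(r.src, pkt.src) and _match(r.dst, pkt.dst)
                and _port_ok(r.sport, pkt.sport) and _port_ok(r.dport, pkt.dport)):
            return r.action
    return "drop"


def build_rules(from_client: str, to_client: str) -> List[Rule]:
    """The poster's rule set, written with whatever direction labels the caller's
    vantage point uses for 'from the client' and 'to the client'."""
    rules: List[Rule] = []
    for proto, port in (("icmp", None), ("tcp", 3306), ("tcp", 3389)):
        # client -> server, e.g. a new RDP session to tcp/3389
        rules.append(Rule(from_client, proto, CLIENT, SERVER, None, port, "forward"))
        # server -> client replies: the service port is now the source port
        rules.append(Rule(to_client, proto, SERVER, CLIENT, port, None, "forward"))
    return rules


GROUP_FILTER = build_rules(from_client="inbound", to_client="outbound")
CPP_POLICY = build_rules(from_client="outbound", to_client="inbound")


def check(pkt: Packet) -> Dict[str, str]:
    """Verdict under the group filter, under a correctly written CPP policy, and
    under the mistake the reply warns about: the group filter reused as CPP."""
    return {
        "group_filter": evaluate(GROUP_FILTER, pkt, group_filter_direction),
        "cpp_policy": evaluate(CPP_POLICY, pkt, cpp_direction),
        "group_filter_as_cpp": evaluate(GROUP_FILTER, pkt, cpp_direction),
    }


if __name__ == "__main__":
    samples = {
        "rdp to allowed server": Packet(CLIENT, SERVER, "tcp", 50123, 3389),
        "rdp reply": Packet(SERVER, CLIENT, "tcp", 3389, 50123),
        "ping allowed server": Packet(CLIENT, SERVER, "icmp"),
        "ssh to other host": Packet(CLIENT, OTHER, "tcp", 50124, 22),
    }
    for name, pkt in samples.items():
        print(f"{name:24s} {check(pkt)}")
```

The third column is the interesting one: a rule set that is correct as a group filter drops the same RDP session when it is pushed unchanged as a CPP policy, because the label "inbound" now refers to the opposite direction. That is why the reply suggests leaving CPP off until the group filter alone works.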
