I need to establish an IPSec VPN connection for remote users. Our setup is like this:
internet -> VPN Con 3005 -> Intranet.
Most of our servers are on the Intranet, but users don't need access to all of them. So I tried to restrict access to only one single server with a few TCP ports. Therefore I created a new group, allowed only IPSec and built a filter. The filter consists of a few rules (ping inbound and outbound, TCP port 3306 in/out and RDP port 3389 in/out). I attached the rules to the filter and the filter to the group (through General -> Filter and also through Client FW -> Policy Pushed (CPP)), but nothing worked. I can't ping or telnet to the given ports. The target server is on the same network as the VPN clients, so routing is not the problem.
I've also tried to change the default filters (Public) and added the RDP port to this filter, but this doesn't work either.
Could someone please tell me how to restrict access to specific servers on specific ports if the VPN client and the target servers are on the same subnet?
At the moment, we use Cisco Systems, Inc./VPN 3000 Concentrator Version 4.7.2.E Feb 08 2006 13:08:45 on a VPN Con 3005.