Cisco Support Community

How to restrict VPN clients to access certain network devices

How can I set up VPN clients to only be allowed to access certain devices on the network?

Please help, thanks.


Re: How to restrict VPN clients to access certain network device

There are two methods which can be combined, assuming you're using the Cisco VPN client.

1. Enable split tunneling. It will tell the clients what should be sent over the tunnel and what shouldn't. Only include in the split tunnel lists what you want clients to connect to.

2. Create filters on the VPN concentrator for the VPN group that only allows access to what you would like. Create the rules/filters under "Policy Management" and then apply them to the group on the "General" tab using the "Filters" drop-down box.

I recommend using both. This means all internal networks should be defined in the split-tunnel and go across the VPN session. Use the filters to deny what you don't want at the concentrator. This will prevent your VPN clients from sending traffic meant for the internal network out to the Internet instead. You don't want any traffic meant for internal networks inadvertently going out to the Internet in clear-text.
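The following is an added example, not part of the original reply and not Cisco code: a small Python model of the two controls described above, showing where a packet ends up when the split-tunnel list is used alone versus combined with a group filter. The addresses, the function names and the implicit-deny behaviour of the filter are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample addressing (assumption, not from the thread).
INTERNAL_NETS = ["10.1.0.0/16", "10.2.0.0/16"]      # every internal network
ALLOWED_HOSTS = ["10.1.5.10/32", "10.1.5.11/32"]    # devices VPN users may reach


def _match(dest, networks):
    """True if dest falls inside any of the listed networks."""
    addr = ipaddress.ip_address(dest)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def classify(dest, split_tunnel_list, filter_permits):
    """Return what happens to a packet the VPN client sends to dest.

    split_tunnel_list: networks the client routes into the tunnel.
    filter_permits:    networks the group filter permits; anything else is
                       dropped (modelled as implicit deny). None means no
                       filter is applied to the group.
    """
    if not _match(dest, split_tunnel_list):
        # Client treats it as non-VPN traffic and uses its local gateway.
        return "clear-text via local gateway"
    if filter_permits is not None and not _match(dest, filter_permits):
        return "tunneled, dropped by group filter"
    return "tunneled, delivered"


def compare(dest):
    """Outcome under split tunneling only vs. the combined design."""
    # Design A: restrict by listing only the allowed devices in the split tunnel.
    split_only = classify(dest, ALLOWED_HOSTS, None)
    # Design B: tunnel all internal networks, enforce access with the filter.
    combined = classify(dest, INTERNAL_NETS, ALLOWED_HOSTS)
    return split_only, combined


if __name__ == "__main__":
    for dest in ["10.1.5.10", "10.2.7.20", "198.51.100.8"]:
        print(dest, compare(dest))
```

The second address is the case the reply warns about: with a narrow split-tunnel list alone, traffic for an internal host leaves through the client's local gateway, while the combined design carries it to the concentrator and drops it there.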