I have been setting up a VPN connection using a VPN 3005 for the remote access VPN clients and site-to-site connections. I have no problem with the connections; the VPN clients can now connect to the private network through the tunnel. But I want to limit the access of the VPN clients on my inside network to allow only 4 servers for them to access. I've tried to configure the specific IPs of those 4 servers in the Network Lists of the VPN concentrator, but still all the PCs on the whole subnet of my private network are transparent to them. Is there something wrong with my config with network lists? Is the VPN concentrator capable of filtering IPs or of access lists?
Hi Jason, I had the same problem and I saw this URL. Sincerely, even if everything works well when following it, the logic behind this filtering is not very clear to me.
First, I supposed that when a packet doesn't match a rule it should be dropped by the filter action. In fact, in the filter action explanation you should configure what happens when a packet doesn't match the associated rule. In the example there is written "forward"!
Second, it shouldn't be necessary to configure a rule with deny any any, since in IOS this deny is also implicit.
So is there any documentation where the filtering is explained more completely?
On a 3005 with software version 3.6 you can specify local and remote network lists for a LAN-to-LAN. For clients you can specify split tunneling network lists. So you might consider setting up your clients to use split tunneling and specify a custom network list that looks like: