Cisco Support Community

New Member

Port filtering on vpn 3000 concentrator

Hi,

Is there a way to limit vpn client sessions based on the application ports? For example, I would like to give access to a vendor to a specific internal server but his access needs to be limited to FTP only. I can define the server access using a VPN network list but I'm not sure how to restrict further by using the port numbers.

I'm ruling out the VPN Filters since they need to be applied physically to an interface, affecting other users whose access is based on IP addresses.

Thanks.

-Jim

3 REPLIES
Silver

Re: Port filtering on vpn 3000 concentrator

You can configure an extended access list and specify the port range for each ip address. The following URL might help.

http://cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml#tab4

New Member

Re: Port filtering on vpn 3000 concentrator

I'm curious to know how you limited the vendor to a specific internal server. I need to do the same.

New Member

Re: Port filtering on vpn 3000 concentrator

I was wrong about using the filters. Filters can be applied to VPN groups to limit access down to the port level. The filters become complex when restrictions are numerous and the number of servers involved is large. Filters cannot be applied to VPN users.

To answer your question of just limiting the access to a specific server, use split tunneling in conjunction with a network list. You include the internal server IP address in the network list.

-Jim
