Cisco Support Community
New Member

Restrict vpn remote access

Hi,

I am trying to restrict access to the remote site from a VPN user using VPN client software.

- concentrator vpn 3015 release 4.7.2.N-K9

- vpn client release 5.0.01.0600

The VPN connection is OK.

I would like, for example, to block HTTP traffic on the remote site for a group (to block intranet access for example). One of my colleagues told me that I have to use firewall filters and rules, but I haven't succeeded yet.

My user "bundy" is in the group "groutcho".

I've created a filter (in traffic management) which contains two rules (drop HTTP inbound for all addresses, and drop HTTP outbound for all addresses). One rule should be necessary, but I put two to be sure!

I've configured the groutcho group in the "client firewall" tab to require Cisco integrated firewall and to push my policy (the filter with the two drop rules).

However, the user can still access a web server on the remote site.

I've tried to restrict all accesses (with two drop-all rules) but it also doesn't work; the user has full access to the remote site.

The only thing I manage to control is to deny the VPN connection when the user doesn't have the good firewall on his computer.

Could you help me configure the concentrator correctly in order to restrict access to the remote site?

Thank you,

regards

4 REPLIES
Silver

Re: Restrict vpn remote access

You have the option of creating VPN filters for this purpose. Refer to the following URL for creating filters on PIX/ASA.

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml

New Member

Re: Restrict vpn remote access

Thanks, but in fact I would like the same type of document but for the VPN concentrator 3000 series, which is very different from PIX....

bye

New Member

Re: Restrict vpn remote access

I've found the solution at http://cisco.com/en/US/tech/tk59/technologies_configuration_example09186a0080094eac.shtml

The only thing I added is a rule for outgoing in the filter.

thanks a lot.

New Member

Re: Restrict vpn remote access

Do you have a Cisco ACS server in this configuration?
