New Member

Restricting users to single internal IP

I want to lock down a VPN group to one internal IP address/server only. No access to the rest of the LAN whatsoever. Can I do this and if so, how? (Cisco 3030 VPN using Cisco 3.1.1 client).

Thanks for any help or pointers.

3 REPLIES
Bronze

Re: Restricting users to single internal IP

You should be able to create a separate network list and put a single IP address and wildcard (192.168.1.10/255.255.255.255). Then under your VPN group select that network list as the split tunneling network list. You'll probably want to select "Only tunnel networks in list" in the split tunneling policy.

Hope this helps.

New Member

Re: Restricting users to single internal IP

Split tunnelling (at least as described here) only tunnels the designated network; in other words, the rest of the traffic doesn't pass through the tunnel, and is completely unrestricted. I want to be able to lock this user group down to accessing a single IP inside our corporate network and not be able to do/see/touch anything else. (These are third-party individuals who need access to something residing on one specific server and we don't want them to see/touch anything else.)

Is that possible? How?

Thanks!

~Lila

New Member

Re: Restricting users to single internal IP

You can set up a rule defining the group using the IP address of the server you want them to be able to reach, and in the action button you select forward in; then set up a filter and select the rule from the drop-down menu into the filter.
