
Restricting users to single internal IP

lbednar
Level 1

I want to lock down a VPN group to one internal IP address/server only. No access to the rest of the LAN whatsoever. Can I do this and if so, how? (Cisco 3030 VPN using Cisco 3.1.1 client).

Thanks for any help or pointers.

3 Replies

mike-greene
Level 4

You should be able to create a separate network list and put a single IP address and wildcard (192.168.1.10/255.255.255.255). Then under your VPN group select that network list as the split tunneling network list. You'll probably want to select "Only tunnel networks in list" in the split tunneling policy.

Hope this helps.

Split tunnelling (at least as described here) only tunnels the designated network; in other words, the rest of the traffic doesn't pass through the tunnel, and is completely unrestricted. I want to be able to lock this user group down to accessing a single IP inside our corporate network and not be able to do/see/touch anything else. (These are third-party individuals who need access to something residing on one specific server and we don't want them to see/touch anything else).

Is that possible? How?

Thanks!

~Lila

You can set up a rule defining the group using the IP address of the server you want them to be able to reach, and in the action button you select forward in, then set up a filter and select the rule from the drop-down menu into the filter.