
Restricting VPN 3000 user to specific servers

Hi,

I have configured a Cisco VPN 3000 concentrator behind a PIX Firewall for remote users. I need to restrict users who land on the concentrator to specific servers on my LAN. The Concentrator and the servers are in the same LAN behind the firewall. So basically, can I put some access control on the concentrator to restrict access of users to specific IP addresses/ports within the network?

Regards,

Siddhartha

1 REPLY

Re: Restricting VPN 3000 user to specific servers

Siddhartha,

Assuming your remote users are using the Cisco VPN Client, you could potentially build a split-tunnel VPN group and build a split tunneling network list, which can be 32-bit specific. In this manner, the only traffic that will transit your VPN tunnel will be traffic intended for your site. This procedure will provide you the access control you want to exercise, and will be based upon the specific IP addresses within your network. Be careful to not overwrite their existing DNS/WINS configurations, so as to allow them normal operations on their LAN. These steps are configurable on the 3000 concentrator under Configuration / User Management / Groups and then the General and IPSEC tabs.
