02-28-2006 01:03 PM - edited 02-21-2020 02:17 PM
I am terminating VPN connections on an ASA and want to set up some sort of ACL or something that will only allow the clients to connect to IP ranges that I specify.
If it were a L2L VPN, I could use the match address, but since it's a dynamic map, how do I specify what these clients have access to and what they don't? Thanks!
03-06-2006 01:07 PM
Learn to use the SSL VPN feature to give users increased mobility and flexibility for VPN access by enabling them to establish secure remote-access VPN tunnels to an ASA using only a Web browser. After a brief explanation of SSL VPN and how it compares to traditional VPNs, watch a demonstration of how to configure the ASA to support the SSL VPN feature set.
www.cisco.com/application/pdf/en/us/guest/products/ps6120/c1031/cdccont_0900aecd8033abef.pdf
05-29-2006 07:32 AM
You probably already solved this, but here goes:
tunnel-group VPN-GROUP general-attributes
 address-pool VPN-POOL
 authentication-server-group RADIUS
 default-group-policy VPN-Policy
group-policy VPN-Policy attributes
 vpn-filter value Client-Filter-VPN
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-tunnel-VPN
Then define an access-list Client-Filter-VPN which defines what the VPN-users (source-address from VPN-POOL) may connect to.
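As an added example (not part of the original reply), the two access lists that the configuration above refers to could look like this. All addresses are constructed: 10.10.10.0/24 stands in for VPN-POOL, and 192.168.10.0/24 and 192.168.20.10 stand in for the internal resources the clients may reach.

```text
! Constructed addressing, for illustration only
ip local pool VPN-POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
!
! vpn-filter ACL: the VPN client (pool) address goes in the source position,
! the protected inside address in the destination position.
access-list Client-Filter-VPN extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.20.10 eq 443
access-list Client-Filter-VPN extended permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
! Explicit final deny so dropped traffic shows up in the ACL hit counts
access-list Client-Filter-VPN extended deny ip any any
!
! Split-tunnel list: standard ACL naming the networks routed through the tunnel
access-list split-tunnel-VPN standard permit 192.168.10.0 255.255.255.0
access-list split-tunnel-VPN standard permit host 192.168.20.10
```

The split-tunnel list only tells the client which destinations to send into the tunnel; the vpn-filter ACL is what the ASA enforces. `show access-list Client-Filter-VPN` displays per-line hit counts for checking the filter.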
05-30-2006 05:14 AM
Yes, I did figure that out already. Your answer is exactly what I ended up doing. It just seemed way too simple to be a basic ACL to solve this problem. I over-thought it :-)