Cisco Support Community

New Member

Secure remote access VPN with ASA

I am terminating VPN connections on an ASA and want to set up some sort of ACL or something that will only allow the clients to connect to IP ranges that I specify.

If it were a L2L VPN, I could use the match address, but since it's a dynamic map, how do I specify what these clients have access to and what they don't? Thanks!

3 REPLIES
Silver

Re: Secure remote access VPN with ASA

Learn to use the SSL VPN feature to give users increased mobility and flexibility for VPN access by enabling them to establish secure remote-access VPN tunnels to an ASA using only a Web browser. After a brief explanation of SSL VPN and how it compares to traditional VPNs, watch a demonstration of how to configure the ASA to support the SSL VPN feature set.

www.cisco.com/application/pdf/en/us/guest/products/ps6120/c1031/cdccont_0900aecd8033abef.pdf

New Member

Re: Secure remote access VPN with ASA

You probably already solved this, but here goes:

```
tunnel-group VPN-GROUP general-attributes
 address-pool VPN-POOL
 authentication-server-group RADIUS
 default-group-policy VPN-Policy
group-policy VPN-Policy attributes
 vpn-filter value Client-Filter-VPN
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-tunnel-VPN
```

Then define an access-list Client-Filter-VPN which defines what the VPN-users (source-address from VPN-POOL) may connect to.
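A sketch of the two access-lists that the configuration above refers to, added here as an example and not part of the original reply. All addresses, ports and the pool range are constructed assumptions (client pool 10.99.0.0/24, internal networks 192.168.10.0/24 and 192.168.20.0/24).

```cisco
! Constructed addressing (assumption): VPN clients are assigned 10.99.0.x
ip local pool VPN-POOL 10.99.0.10-10.99.0.250 mask 255.255.255.0

! vpn-filter ACL: extended ACL, evaluated on decrypted tunnel traffic.
! For remote-access clients the SOURCE is the client pool and the
! DESTINATION is the internal resource, whichever side opens the connection.
access-list Client-Filter-VPN extended permit tcp 10.99.0.0 255.255.255.0 192.168.10.0 255.255.255.0 eq https
access-list Client-Filter-VPN extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.20.25 eq 3389
access-list Client-Filter-VPN extended permit udp 10.99.0.0 255.255.255.0 host 192.168.10.53 eq domain
! Explicit final deny with logging, so blocked attempts produce hit counts
! and syslog entries instead of vanishing into the implicit deny.
access-list Client-Filter-VPN extended deny ip any any log

! Split-tunnel list: standard ACL naming the networks the client routes
! into the tunnel. It controls routing on the client, not access; the
! vpn-filter ACL above is what enforces the restriction.
access-list split-tunnel-VPN standard permit 192.168.10.0 255.255.255.0
access-list split-tunnel-VPN standard permit host 192.168.20.25
```

`show access-list Client-Filter-VPN` displays per-line hit counts for checking that the permits and the final deny match as intended. Keep this ACL separate from any ACL bound to an interface with `access-group`, and have clients reconnect after editing it so their sessions pick up the change.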

New Member

Re: Secure remote access VPN with ASA

Yes, I did figure that out already. Your answer is exactly what I ended up doing. It just seemed way too simple to be a basic ACL to solve this problem. I over-thought it :-)
