Cisco Support Community

New Member

Server restriction

Hi All,

I am fairly new to the world of PIX/ASA. I have an ASA 5510. I have set up VPN and such and managed to get it all going OK with the help of a few folks in these forums. I have another question though. I have a vendor that needs access to a few servers inside my network. I understand that I can make a different tunnel group and group policy for their VPN use. I have created a different pool and such for them. I used the wizard to create the new VPN group and such. When I got to the question where it states what hosts or networks you would like allowed to this VPN group, I put in the hosts that I would like the group to access. Well, when I go in with this vendor group and such, I am still allowed to ping or remote into any hosts I wish. Is this correct? I noticed it places the following into the config:

access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248
access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248
access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248
access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248

Is there something wrong with the config?

TIA,

R

2 REPLIES

Re: Server restriction

Hi .. when you add the hosts, make sure their subnet mask is 255.255.255.255; otherwise you might be allowing access to the whole subnet.

I hope it helps .. please rate it if it does!!!

New Member

Re: Server restriction

Make sure the pool you created is subnetted correctly and both pools are in different subnets.
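The two replies above make two checkable points: each server entry in the access-list should be a single host (a 255.255.255.255 mask or the "host" keyword), and the two VPN pools must not share addresses. The following is an added example, not code from the thread or from Cisco: a small checker that parses ASA access-list lines of the form quoted in the question and applies both checks. The server IPs and the employee pool in the sample are constructed placeholders; the 192.168.50.248/29 pool is the one from the question.

```python
# Added example (not from the thread): check ASA access-list lines and pools
# against the two points raised in the replies.
import ipaddress

def parse_side(tokens):
    """Consume one address spec ('any', 'host A', or 'A MASK') from tokens.
    Returns (network, remaining_tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # ASA writes subnets as "address netmask"; ipaddress accepts "addr/netmask"
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_acl_line(line):
    """Parse 'access-list NAME extended permit ip SRC DST' into (name, src, dst),
    or None when the line is not of that shape."""
    tokens = line.split()
    if len(tokens) < 7 or tokens[0] != "access-list" or tokens[2:5] != ["extended", "permit", "ip"]:
        return None
    try:
        src, rest = parse_side(tokens[5:])
        dst, rest = parse_side(rest)
    except (IndexError, ValueError):
        return None
    if rest:  # trailing tokens we do not understand
        return None
    return tokens[1], src, dst

def wide_server_entries(lines):
    """Entries whose server (source) side covers more than one address: the
    'use a 255.255.255.255 mask' point from the first reply."""
    findings = []
    for line in lines:
        parsed = parse_acl_line(line)
        if parsed is None:
            continue
        _, src, _ = parsed
        if src.num_addresses > 1:
            findings.append((line.strip(), src.with_prefixlen))
    return findings

def pools_overlap(pool_a, pool_b):
    """True if two 'address netmask' pool definitions share any address:
    the 'pools in different subnets' point from the second reply."""
    a = ipaddress.ip_network(pool_a.replace(" ", "/"), strict=False)
    b = ipaddress.ip_network(pool_b.replace(" ", "/"), strict=False)
    return a.overlaps(b)

# Constructed sample: 10.1.1.x server addresses are placeholders, not from the thread.
SAMPLE_ACL = [
    "access-list outside_cryptomap_dyn_40 extended permit ip host 10.1.1.10 192.168.50.248 255.255.255.248",
    "access-list outside_cryptomap_dyn_40 extended permit ip 10.1.1.0 255.255.255.0 192.168.50.248 255.255.255.248",
]
```

Running `wide_server_entries(SAMPLE_ACL)` flags only the second line (a /24 on the server side), and `pools_overlap("192.168.50.0 255.255.255.0", "192.168.50.248 255.255.255.248")` is True because a /24 employee pool would contain the vendor /29.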
