Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Servers with real IP behind the 3005

We have a VPN Concentrator 3005 and Four servers with real IP assigned. We need to allow external Cisco VPN Clients to use One server out of four only. At the same time, we need to allow other normal external users to access the remaining 3 servers. Lan users are on a private netwrok and they also need to access all the four servers as well as internet surfing.

Can somebody suggest where should be put the servers and what filter should be used to pass the traffice?

Thanks and regards

Kishore

1 REPLY
New Member

Re: Servers with real IP behind the 3005

1 "allow external Cisco VPN clients to use one server out of four only"

config filter apply to the group level can control this easily. Or if you have a router behind the VPN 3005 concentrator, put a access-list to control the traffic from the ip address pool for VPN clients will do as well.

2 "At the same time, we need to allow other normal external users to access the remaining 3 servers. " If you mean other nomal external users can access your 4 servers without using VPN, why need control for question 1 ? Because those users do not need use VPN can access 4 servers through internet any more.

3 ". Lan users are on a private netwrok and they also need to access all the four servers as well as internet surfing. "

This has nothing to do with VPN 3005 concentrator. If have a PIX, put 4 servers in the DMZ 1 interface, and concentrator in the DMZ2 interface, inside interface connect to your local LAN, outside interface is the internet.

I am pretty sure you can make above working fine.

88
Views
0
Helpful
1
Replies
CreatePlease login to create content