VPN Client access restriction

imranraheel
Level 1

I want to restrict VPN clients to a few systems. Currently whoever accesses the office LAN via VPN is able to access every system.

Is there any way to restrict

3 Replies

husycisco
Level 7

Hi Imran

Sure.

group-policy yourexistingvpnpolicynamehere attributes

vpn-filter value restrictions

Now, if you want to allow specific traffic and deny the rest, use the following

access-list restrictions extended permit ip yourvpnclientpool yourvpnclientpoolmask host insideclientipz

access-list restrictions extended permit tcp yourvpnclientpool yourvpnclientpoolmask host insideclientipy eq 1433

access-list restrictions extended permit ip yourvpnclientpool yourvpnclientpoolmask host insideclientipx

access-list restrictions extended deny ip any any

If you want to deny specific traffic and permit the rest, use the following

access-list restrictions extended deny ip yourvpnclientpool yourvpnclientpoolmask host insideclientipz

access-list restrictions extended deny tcp yourvpnclientpool yourvpnclientpoolmask host insideclientipy eq 1433

access-list restrictions extended deny ip yourvpnclientpool yourvpnclientpoolmask host insideclientipx

access-list restrictions extended permit ip any any

Regards

Ah, I was typing the above edited post and you sent the link :)