12-14-2007 06:59 AM - edited 02-21-2020 03:26 PM
I want to restrict VPN clients to a few systems. Currently whoever accesses the office LAN via VPN is able to access every system.
Is there any way to restrict
12-14-2007 07:29 AM
Hi Imran
Sure.
group-policy yourexistingvpnpolicynamehere attributes
vpn-filter value restrictions
Now, if you want to allow specific traffic and deny the rest, use the following:
access-list restrictions extended permit ip yourvpnclientpool yourvpnclientpoolmask host insideclientipz
access-list restrictions extended permit tcp yourvpnclientpool yourvpnclientpoolmask host insideclientipy eq 1433
access-list restrictions extended permit ip yourvpnclientpool yourvpnclientpoolmask host insideclientipx
access-list restrictions extended deny ip any any
If you want to deny specific traffic and permit the rest, use the following:
access-list restrictions extended deny ip yourvpnclientpool yourvpnclientpoolmask host insideclientipz
access-list restrictions extended deny tcp yourvpnclientpool yourvpnclientpoolmask host insideclientipy eq 1433
access-list restrictions extended deny ip yourvpnclientpool yourvpnclientpoolmask host insideclientipx
access-list restrictions extended permit ip any any
Regards
12-14-2007 07:38 AM
12-14-2007 07:43 AM
Ah, I was typing the above edited post and you sent the link :)