
allow only specific IPs to connect ASA by IPSec remote access VPN

How do I set up the ASA to allow only specific IPs (peer IPs) to connect to the ASA by remote access VPN (IPsec VPN client S/W)?

Because of the remote access VPN, I have set up an assigned IP for the remote access VPN client during dial-in.

I tried to use the IPv4 Filter, but I always failed.

6 REPLIES

allow only specific IPs to connect ASA by IPSec remote access VP

As the Crypto is enabled on 'outside' interface, I don't think there is a way to restrict on ASA itself by ACL. But if you have router in front of ASA, you can use ACL to restrict the access.

Thx

MS

New Member

It is doable on ASA. 

You need to use crypto dynamic-map and set it to a specific peer only; see the example below for IKEv2:

crypto dynamic-map DYNMAP 65005 set peer 2.2.2.2 
crypto dynamic-map DYNMAP 65005 set ikev2 ipsec-proposal IKEv2-IPSEC-PROPOSAL

Igor

Re:allow only specific IPs to connect ASA by IPSec remote access

Hi,

Yes, it is possible, just use the control-plane feature.

Do some research; in case of doubts, please let me know.

Thanx

Portu

Sent from Cisco Technical Support Android App

Re:allow only specific IPs to connect ASA by IPSec remote access

Hi,

Yes. You can have the ACL created for inbound (outside to inside) where you can mention the specific IPs that need to be applied to the box instead of only on the interface.

access-group outside_in in interface outside control-plane

Try this and check.

Please do rate if the given information helps.

By

Karthik
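A control-plane ACL of the kind the reply above refers to, written out as an added example that is not part of the original post. The names VPN-ALLOWED-PEERS and CP-OUTSIDE are hypothetical, the two peer addresses are constructed documentation addresses, and the interface is assumed to be named outside.

```cisco
! Added example: limit IKE/IPsec negotiation with the ASA itself to known peers.
! Assumes the remote-access clients arrive from fixed public source addresses.

! Constructed peer addresses (documentation ranges); replace with the real ones.
object-group network VPN-ALLOWED-PEERS
 network-object host 192.0.2.10
 network-object host 198.51.100.25

! Allow IKE (UDP 500), NAT-T (UDP 4500) and ESP from the listed peers only.
access-list CP-OUTSIDE extended permit udp object-group VPN-ALLOWED-PEERS any eq isakmp
access-list CP-OUTSIDE extended permit udp object-group VPN-ALLOWED-PEERS any eq 4500
access-list CP-OUTSIDE extended permit esp object-group VPN-ALLOWED-PEERS any

! Explicitly drop the same protocols from every other source.
access-list CP-OUTSIDE extended deny udp any any eq isakmp
access-list CP-OUTSIDE extended deny udp any any eq 4500
access-list CP-OUTSIDE extended deny esp any any

! Bind to to-the-box traffic on the outside interface. Without the
! control-plane keyword the ACL filters only through-the-box traffic
! and never sees the IKE packets addressed to the ASA.
access-group CP-OUTSIDE in interface outside control-plane

! Check that the entries are matching (hit counts per line):
!   show access-list CP-OUTSIDE
!   show running-config access-group
```

This ACL names only the IKE/IPsec protocols; before applying it, confirm how your ASA software version treats other to-the-box traffic that matches no entry.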

Re:allow only specific IPs to connect ASA by IPSec remote access

Hi MS,

In case you do not have any further questions, please rate any helpful posts and mark this question as answered.

Thanks.

Portu

New Member

There is no answer to that

There is no answer to that question. Only control-plane mention without examples which still doesn't work for me. Please provide working examples on how to allow ONLY certain IPs to access IPsec. Basic cheap firewalls provide that feature out of the box, but not ASA.
