Cisco Support Community

Limit VPN client connect to specific IP

We use the basic Cisco VPN Client for Windows for our employees to connect to our network. No issues with it.

We want to have one of our customers use it and when they connect to the router, allow it (via the PCF?) to connect to a single IP address. So, for example, customer A connects via the client to our router and he could only ping and/or connect to 10.10.10.50. Everything else is unavailable to him.

Is this possible with a PCF config file or would there need to be programming on the router or not possible at all?

Thanks,

Charles

3 REPLIES

Re: Limit VPN client connect to specific IP

Hi Charles,

It is possible with the help of an ACL. While defining the VPN client group, configure the ACL for the restricted access.

e.g.

crypto isakmp client configuration group
 key ****
 pool
 acl 101

access-list 101 permit ip host 10.10.10.50 any

Hope to help

Rahul

Re: Limit VPN client connect to specific IP

If you have one user and they're listed on the ASA, you can go under their username attributes and set an acl using "vpn-filter value". This also restricts what they can get to.

HTH,

John
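
The vpn-filter approach from the reply above, written out as ASA configuration. This is an added example, not part of the original reply; the ACL name CUSTOMER_A_ONLY and the username customerA are hypothetical, and the user is assumed to already exist in the ASA's local database.

```cisco
! Constructed example. CUSTOMER_A_ONLY and customerA are hypothetical names.
! In an ACL used as a vpn-filter, the remote (VPN client) side is the source
! and the protected inside host is the destination.
access-list CUSTOMER_A_ONLY extended permit ip any host 10.10.10.50
! Everything else is dropped by the implicit deny at the end of the ACL.
!
username customerA attributes
 vpn-filter value CUSTOMER_A_ONLY
```

The filter is enforced on the ASA for that user's tunnel, so it does not depend on any setting held on the client.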


Re: Limit VPN client connect to specific IP

Thanks for the answers. To further this, my understanding is you can put an "!" on lines in a .pcf so that the user can't change the setting in the client software. But the user *could* go in and change the .pcf directly and re-import it.

If I need to send one of our customers the client and the .pcf to install and import, I guess they could undo any of the settings I set if they know how to edit the .pcf. Can I create a protected .pcf? How would I send a customer the client and settings to install and not have them be able to alter their config?

Thank you. This is all a first for me.

Charles
