We have a central office which acts as a hub location for all the database access from remote locations.
At the central location we have internet connectivity using a Cisco 2610 router; we also have a Cisco PIX firewall deployed for security purposes.
We have configured VPN on the firewall for remote access clients who want to access the central site LAN over a secured VPN tunnel.
The new requirement is to allow the VPN from specific public IPs only and block the rest of the world (public IPs). We have more than 4 remote sites that, using fixed public IPs, will connect via VPN to the central site to access the LAN.
Please advise with a sample config for the above scenario.
PIX config related to VPN is as listed below.
!--- Access list to avoid Network Address Translation (NAT)
!--- on the IPSec packets
access-list 101 permit ip 192.168.48.0 255.255.255.0 10.1.2.0 255.255.255.0
!--- IP addresses on the interfaces
ip address outside 22.214.171.124 255.255.255.240
ip address inside 192.168.128.1 255.255.255.252
ip address dmz 192.168.98.2 255.255.255.224
ip local pool vpnpool 10.1.2.1-10.1.2.10
!--- Binding ACL 101 to the NAT statement to avoid NAT
nat (inside) 0 access-list 101
Re: Allowing of Specific Public IP through IPSEC VPN
I am not quite clear on what exactly is needed here. Do you want the VPN connection to your central site to come only from fixed IP addresses? If yes, then will you block all the VPN connections from clients at other addresses? I think the access-list commands that are used in the crypto map need to be modified.
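As an added illustration (not part of the original thread, and not a Cisco tool), the script below audits a PIX-style IKE configuration against an allow-list of fixed peer addresses. The crypto access-list selects which traffic gets encrypted; which remote peers are allowed to bring up an IKE session is governed by the pre-shared key bindings (a key bound to address 0.0.0.0 netmask 0.0.0.0 is accepted from any source), by static crypto map entries with set peer, and by any dynamic crypto map, which by design accepts initiators whose address is not known in advance. The peer addresses, the map names and the config excerpt are constructed sample values from documentation ranges, not the poster's addresses.

```python
import ipaddress
import re

# Constructed example allow-list: the fixed public IPs of the remote sites
# (RFC 5737 documentation addresses, not the poster's real peers).
ALLOWED_PEERS = ["203.0.113.10", "203.0.113.11", "198.51.100.5", "198.51.100.6"]

# Constructed PIX 6.x-style excerpt (hypothetical names and addresses).
# It mixes a wildcard key, a per-peer key, a dynamic map and two static peers,
# one of which is outside the allow-list, so the audit has something to find.
SAMPLE_CONFIG = """\
isakmp enable outside
isakmp key ****** address 0.0.0.0 netmask 0.0.0.0
isakmp key ****** address 203.0.113.10 netmask 255.255.255.255
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap 20 ipsec-isakmp
crypto map vpnmap 20 set peer 203.0.113.11
crypto map vpnmap 20 set peer 192.0.2.99
crypto map vpnmap interface outside
"""

KEY_RE = re.compile(r"^isakmp key \S+ address (\S+)(?: netmask (\S+))?")
PEER_RE = re.compile(r"^crypto map \S+ \d+ set peer (\S+)")
DYN_RE = re.compile(r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)")


def audit_ike_peers(config_text, allowed_peers):
    """Return (line_number, message) findings for every place where the
    config would accept an IKE peer outside the allow-list."""
    allowed = {ipaddress.ip_address(p) for p in allowed_peers}
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()

        m = KEY_RE.match(line)
        if m:
            addr, mask = m.group(1), m.group(2) or "255.255.255.255"
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            # A key bound to a wildcard or a subnet is usable by any host in
            # that range, so only a /32 on an allowed peer passes.
            if net.num_addresses > 1 or net.network_address not in allowed:
                findings.append(
                    (lineno, f"pre-shared key bound to {net}, not a single allowed peer"))
            continue

        m = PEER_RE.match(line)
        if m:
            peer = ipaddress.ip_address(m.group(1))
            if peer not in allowed:
                findings.append((lineno, f"static peer {peer} is not in the allow-list"))
            continue

        m = DYN_RE.match(line)
        if m:
            # Dynamic maps exist to accept peers with unknown addresses.
            findings.append(
                (lineno, f"dynamic crypto map '{m.group(1)}' accepts any IKE initiator"))
    return findings


def peers_are_restricted(config_text, allowed_peers):
    """True only when no finding remains, i.e. every IKE entry point is tied
    to a single address from the allow-list."""
    return not audit_ike_peers(config_text, allowed_peers)


if __name__ == "__main__":
    for lineno, msg in audit_ike_peers(SAMPLE_CONFIG, ALLOWED_PEERS):
        print(f"line {lineno}: {msg}")
    print("restricted:", peers_are_restricted(SAMPLE_CONFIG, ALLOWED_PEERS))
```

Run against the sample excerpt it reports the wildcard key on line 2, the dynamic map on line 4 and the stray static peer on line 7, and leaves the per-peer key on line 3 and the allowed static peer on line 6 alone. Re-running it after the config has been changed to per-peer keys and static entries gives a quick regression check that the "fixed public IPs only" requirement still holds.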