Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Applying Access rules to Remote Access VPN

Hello all. I have just configured a new RA VPN Group. When connected, users are able to connect to any resources I have defined in Group Policy\Split Tunneling.

However, I would like to restrict this VPN Group to access just a few resources such as RDP on a few servers and ssh on a few switches. How do I accomplish this? I have tried putting some rules in the rulebase but they do not seem to be restricting this traffic.

Thanks

5 REPLIES
Cisco Employee

Re: Applying Access rules to Remote Access VPN

Hi Kevin,

We can use vpn-filters for this purpose:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpngrp.html#wp1134794

For example, if your VPN pool is 10.1.1.0/24 and inside netowrk is 10.1.2.0/24 to which you want to allow access only on TCP port 22, the access-list fpr VPN filter will be as below:

access-list VPN permit tcp 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 eq ssh

This will then have to specified under the group-policy as the vpn-filter. let me know if this helps.

Regards,

Prapanch

Community Member

Re: Applying Access rules to Remote Access VPN

Thanks for your reply Prapanch,

So I take it there is now way to view or edit these vpn-filters from ASDM? Also, is there a way to attach these vpn-filters to the group-policy via the ASDM?

Thanks,

Kevin

Cisco Employee

Re: Applying Access rules to Remote Access VPN

Hi Kevin,

You can do the same using ASDM as well. On the ASDM, go to the group-policies section and select the group-policy you have specified for your remote access users. Then press "Edit". Once here, you should see an option saying VPN filter or IPv4Filter or something like that. You can click the "Manage" buttong there and then either using an existing ACL or create a new one as required.

I am not sure of the ASDM version you are using so don't know the exacty terms but the path should be the same irrespective of the ASDM version.

Hope this helps!

Regards,

Prapanch

Community Member

Re: Applying Access rules to Remote Access VPN

Hi Prapanch,

Ok, I see it now. I hadnt hit the "More Options" button. This is my first ASA VPN config as I have always used Checkpoint so thanks for directing me to the right place.

Thanks,

Kevin

Cisco Employee

Re: Applying Access rules to Remote Access VPN

Hey Kevin,

Glad that i could be of help. Please mark this as Answered if all is resolved.

Regards,

Prapanch

267
Views
0
Helpful
5
Replies
СоздатьДля создания публикации, пожалуйста в систему