
Client Remote VPN with Restricted IP and Ports Access

Hi,

I hope someone can help me.

I think this might be a relatively easy answer but I am struggling to get this to work properly.

I have configured an IPSec VPN connection which the clients connect to.

When connected, they receive an IP Address of 192.168.6.x/24.

Once they receive this IP address they can then connect to any server on our 192.168.1.x/24 network via any service.

I now want to restrict all users connecting as 192.168.6.x/24 to only being able to access 192.168.1.17 on port 3389.

Thanks

James


Re: Client Remote VPN with Restricted IP and Ports Access

What device? Assuming ASA/PIX 7...

Option 1...

no sysopt connection permit-ipsec (or permit-vpn, depending upon version)

access-list outside_access_in extended permit tcp 192.168.6.0 255.255.255.0 host 192.168.1.17 eq 3389

access-group outside_access_in in interface outside

If you do it this way, it will restrict any IPsec VPN you have set up, and you will have to specifically permit any access in the outside ACL.

Here's option 2.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml
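The matching behaviour of the Option 1 ACL in the reply above, as an added example that is not part of the original thread: a small Python model of first-match evaluation with the implicit deny, run over constructed flows. It assumes the sysopt bypass is disabled, so the outside ACL is applied to decrypted VPN traffic; the address 10.20.0.5 is a hypothetical client on a second tunnel.

```python
import ipaddress

# ACE copied from the reply above; the flows further down are constructed.
ACL = ["access-list outside_access_in extended permit tcp "
       "192.168.6.0 255.255.255.0 host 192.168.1.17 eq 3389"]

def take_addr(tok):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(first + "/" + tok.pop(0))

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("unsupported ACL line: " + line)
    action, proto, rest = tok[3], tok[4], tok[5:]
    src, dst = take_addr(rest), take_addr(rest)
    port = None
    if rest:  # this model handles only a numeric 'eq PORT' destination qualifier
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError("unsupported port qualifier: " + " ".join(rest))
        port = int(rest[1])
    return action, proto, src, dst, port

def evaluate(lines, proto, src, dst, dport):
    """First matching ACE decides; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in map(parse_ace, lines):
        if (a_proto in ("ip", proto) and s in a_src and d in a_dst
                and a_port in (None, dport)):
            return action
    return "deny"

FLOWS = [  # constructed test traffic
    ("tcp", "192.168.6.10", "192.168.1.17", 3389),  # VPN client to the RDP host
    ("tcp", "192.168.6.10", "192.168.1.17", 445),   # same host, other service
    ("tcp", "192.168.6.10", "192.168.1.20", 3389),  # other server
    ("tcp", "10.20.0.5", "192.168.1.17", 3389),     # hypothetical second tunnel
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", evaluate(ACL, *f))
```

Only the first flow is permitted; the last one shows the caveat from the reply, that traffic from any other tunnel is dropped until it gets its own permit line in the outside ACL.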
