
Client Remote VPN with Restricted IP and Ports Access

RobboRobson
Level 1

Hi,

I hope someone can help me.

I think this might be a relatively easy answer but I am struggling to get this to work properly.

I have configured an IPSec VPN connection which the clients connect to.

When connected, they receive an IP Address of 192.168.6.x/24.

Once they receive this IP address they can then connect to any server on our 192.168.1.x/24 network via any service.

I now want to restrict all users connecting as 192.168.6.x/24 to only being able to access 192.168.1.17 on port 3389.

Thanks

James

1 Reply

acomiskey
Level 10

What device? Assuming ASA/PIX 7...

Option 1...

no sysopt connection permit-ipsec (or permit-vpn, depending upon version)

access-list outside_access_in extended permit tcp 192.168.6.0 255.255.255.0 host 192.168.1.17 eq 3389

access-group outside_access_in in interface outside

If you do it this way, it will restrict any IPsec VPN you have set up, and you will have to specifically permit any access in the outside ACL.

Here's option 2.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml
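
An added example, not part of the original reply: a small offline check that parses the option 1 ACE and evaluates sample flows against it with first-match and implicit-deny semantics, to confirm that only RDP to 192.168.1.17 from the VPN pool is allowed. The flows, including the 192.168.7.x source standing in for a second VPN, are constructed, and the parser is an assumption that handles only `any`, `host` and network/mask addresses with numeric `eq` ports.

```python
import ipaddress

# The ACE from option 1 in the reply above, verbatim.
ACL_TEXT = "access-list outside_access_in extended permit tcp 192.168.6.0 255.255.255.0 host 192.168.1.17 eq 3389"

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'network mask'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_acl(text):
    """Parse 'access-list NAME extended ...' lines (numeric 'eq' ports only)."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 7 or tokens[0] != "access-list" or tokens[2] != "extended":
            continue
        action, proto, rest = tokens[3], tokens[4], tokens[5:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """First matching ACE wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in (proto, "ip") and src in r_src and dst in r_dst
                and r_port in (None, dst_port)):
            return action
    return "deny"

# Constructed test flows: (protocol, source, destination, destination port).
FLOWS = [
    ("tcp", "192.168.6.10", "192.168.1.17", 3389),  # the one intended flow
    ("tcp", "192.168.6.10", "192.168.1.17", 445),   # same server, other port
    ("tcp", "192.168.6.10", "192.168.1.20", 3389),  # RDP to another server
    ("udp", "192.168.6.10", "192.168.1.17", 3389),  # wrong protocol
    ("tcp", "192.168.7.10", "192.168.1.17", 3389),  # a different VPN's addresses
]

def check(acl_text=ACL_TEXT, flows=FLOWS):
    """Return the verdict for each flow, in order."""
    rules = parse_acl(acl_text)
    return [evaluate(rules, *flow) for flow in flows]

if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, check()):
        print(verdict, *flow)
```

The last flow shows the side effect described in the reply: once VPN traffic is subject to the outside ACL, any other tunnel's traffic is dropped until it is explicitly permitted there.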