Cisco Support Community
Community Member

Do split tunnel ACL's support port #'s ?

Hello,

I want to lock down some VPN client users in a particular group that connect to our router so that they can only access RDP on a server. I cannot seem to get this to work through a split tunnel ACL for the group:

access-list 100 permit tcp host 192.168.5.10 192.168.3.0 0.0.0.255 eq 3389

It seems that, the way the split tunnel ACL specifies the source and destination subnets (they are reversed for split tunneling), it can't support a destination TCP port on the LAN? (I have tried the ACL many other ways and I can't get it to work.)

Is there any way to make it work with a split tunnel ACL, or do I just have to configure different VPN client subnets for each group and filter them on an interface ACL?

1 REPLY
Silver

Re: Do split tunnel ACL's support port #'s ?

You cannot do this with a split tunnel ACL.
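The alternative raised in the question (a separate client address pool per group, with the port restriction enforced by an interface ACL), sketched as an added example that is not from either poster. It assumes IOS Easy VPN group configuration; the group names, pool names, the second pool 192.168.4.0/24, the LAN subnet 192.168.5.0/24, the interface name and ACL numbers 101 and 110 are hypothetical. A split tunnel ACL only tells the client which destinations to send through the tunnel, so the TCP/3389 restriction has to live in a packet filter.

```cisco
! Added example: all names and numbers below are assumptions except
! 192.168.5.10 (server) and 192.168.3.0/24 (client subnet) from the question.

! One address pool per VPN group, so the group is identifiable by source IP
ip local pool RDP-POOL   192.168.3.1 192.168.3.254
ip local pool STAFF-POOL 192.168.4.1 192.168.4.254

! Split tunnel ACLs: IP only, source = protected network, no ports
access-list 100 permit ip host 192.168.5.10 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255

crypto isakmp client configuration group RDP-USERS
 key <pre-shared-key-placeholder>
 pool RDP-POOL
 acl 100
!
crypto isakmp client configuration group STAFF
 key <pre-shared-key-placeholder>
 pool STAFF-POOL
 acl 101

! Port-level enforcement: the restricted pool may reach only RDP on the server.
! Traffic from every other source is left untouched by the final permit.
access-list 110 permit tcp 192.168.3.0 0.0.0.255 host 192.168.5.10 eq 3389
access-list 110 deny   ip  192.168.3.0 0.0.0.255 any log
access-list 110 permit ip  any any

! Applied outbound on the LAN-facing interface (name assumed), so decrypted
! client traffic is filtered before it reaches the inside network
interface GigabitEthernet0/1
 ip access-group 110 out
```

The `log` keyword on the deny entry gives a record of restricted-group clients attempting anything other than RDP to the server.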
