
Do split tunnel ACLs support port #s?

PNTECH
Level 1

Hello,

I want to lock down some VPN client users in a particular group that connect to our router to be able to only access RDP on a server. I cannot seem to get this to work through a split tunnel ACL for the group:

access-list 100 permit tcp host 192.168.5.10 192.168.3.0 0.0.0.255 eq 3389

It seems that the way the split tunnel ACL specifies the source and destination subnets (they are reversed for split tunneling) means that it can't support a destination TCP port on the LAN? (I have tried the ACL many other ways and I can't get it to work.)

Is there any way to make it work with a split tunnel ACL, or do I just have to configure different VPN client subnets for each group and filter them on an interface ACL?

1 Reply

mostiguy
Level 6

You cannot do this with a split tunnel ACL.