
How to Deny All the Network other than required

Hello,

Netpros.

I have a Cisco VPN 3005 Concentrator with IOS 4.7 running.

I want to configure rules under Traffic Management, as I want to allow only 4 to 5 IP addresses and want to deny all the rest of the IP addresses.

How do I define that under Network List?

I tried with 0.0.0.0/255.255.255.255, but IOS is not accepting that.

Additionally, I want to ask: after denying all the networks other than the 4 to 5 IP addresses, will I be able to access the Internet or not?

Waiting for a positive reply.

Thanks,

Dhaval Tandel

1 REPLY

Re: How to Deny All the Network other than required

Hello Dhaval,

You can enable split tunneling and enable access only for those 4 or 5 IPs through the split tunnel. The rest of the IPs are not pushed on the IPSEC, thus restricting access. When you enable split tunneling, you can also browse the Internet when you are connected on VPN. This is the best way to achieve this. Without split tunnel, you can't achieve Internet access when connected on VPN.

You can refer to the configuration guide of VPN 3000 for the configuration of the split tunnel.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a008015ce29.html

Hope this helps. All the best. Rate replies if found useful.

Raj
