I'm attempting to limit access to network resources across a VPN tunnel but can't seem to get it right. Here's the situation...
1 Terminal Server (OKATERM1)
2 DCs + DNS (OKAMAIN1 & OKASQL1)
I want to allow DNS requests to the 2 DCs and RDP access to the Terminal Server for remote VPN clients. Nothing else is needed. My config looks good (to me), but clearly something is wrong. When I set up the VPN tunnel for testing there is full access to all 3 servers.
Any suggestions or comments are appreciated.
Config info follows:
name 192.168.2.11 OKASQL1
name 192.168.2.10 OKAMAIN1
name 192.168.2.12 OKATERM1
access-list inside_outbound_nat0_acl permit ip 192.168.2.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKAMAIN1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKASQL1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKATERM1 192.168.3.0 255.255.255.0
access-list outside_cryptomap_dyn_40 remark VPN access to DNS
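An added example that is not part of the original post and not the poster's running config. The crypto-map ACL and the nat0 ACL only select which traffic enters the tunnel and which traffic is exempt from NAT; neither one filters anything. With the default `sysopt connection permit-vpn` (`sysopt connection permit-ipsec` on 7.0/7.1 and PIX) decrypted VPN traffic bypasses the outside interface ACL, so every host matched by the crypto ACL is fully reachable, which matches the symptom described above. The filter that applies to tunnelled traffic on ASA/PIX 7.x and later is a `vpn-filter` ACL attached to the group-policy the clients land in. Assumptions: the client pool is 192.168.3.0/24 (taken from the nat0 ACL), the group-policy is named RemoteVPN (hypothetical; use the one the tunnel-group actually assigns), RDP is TCP 3389, and the ACEs are written with the local host and port first and the VPN client second, which is the vpn-filter convention assumed here and should be confirmed against the configuration guide for the release in use.

```text
! Added example, not the poster's config. Assumes ASA/PIX 7.x or later,
! a VPN client pool of 192.168.3.0/24 and a group-policy named RemoteVPN
! (hypothetical name).
!
! DNS (UDP and TCP 53) to the two domain controllers only.
! Assumed vpn-filter convention: local host/port first, VPN client second.
access-list VPN_CLIENT_FILTER extended permit udp host OKAMAIN1 eq domain 192.168.3.0 255.255.255.0
access-list VPN_CLIENT_FILTER extended permit tcp host OKAMAIN1 eq domain 192.168.3.0 255.255.255.0
access-list VPN_CLIENT_FILTER extended permit udp host OKASQL1 eq domain 192.168.3.0 255.255.255.0
access-list VPN_CLIENT_FILTER extended permit tcp host OKASQL1 eq domain 192.168.3.0 255.255.255.0
! RDP (TCP 3389) to the terminal server only.
access-list VPN_CLIENT_FILTER extended permit tcp host OKATERM1 eq 3389 192.168.3.0 255.255.255.0
! Everything else from the tunnel is dropped. The ACL already ends in an
! implicit deny; the explicit one makes the drops visible in the hit counts.
access-list VPN_CLIENT_FILTER extended deny ip any any

! Attach the filter to the group-policy the remote clients receive.
group-policy RemoteVPN attributes
 vpn-filter value VPN_CLIENT_FILTER
```

The nat0 and crypto-map ACLs stay as they are; they still need to cover the three hosts so the traffic is tunnelled and not translated. After a client connects, `show access-list VPN_CLIENT_FILTER` shows per-ACE hit counts: an RDP session to OKATERM1 should increment the 3389 line and an attempt at anything else (SMB to OKAMAIN1, for instance) should land on the final deny. If instead the permitted RDP session is dropped, the release in use expects the opposite orientation (VPN client first, local host and port second); rewrite the ACEs that way rather than loosening the filter. Keep the filter in the group-policy rather than relying on `no sysopt connection permit-vpn` plus the outside ACL, since a group-policy filter follows the clients regardless of which interface ACL is later edited.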
RADIUS and Symantec VIP.
I will use screenshots of ASDM, and at the end I will add the required CLI commands. The diagram below shows the steps the FW goes through when using 2FA authentication:
As you can see in Fig. 1...
Unable to get signature update from cisco.com
1. Make sure the router can resolve DNS names. Configure the router with a working DNS name server and confirm it can resolve cisco.com before retrying the update.
ISR4451#utd threat-inspection signature update server cisco username xxxxx password yyyyy
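An added example, not from the original article, showing the name-resolution step carried through on the router and checked before the update is retried. The DNS server address 192.0.2.53 is a documentation placeholder and the CCO user name and password are the same placeholders the article uses.

```text
! Added example, not from the original article. 192.0.2.53 is a placeholder
! DNS server; replace it with one the router can actually reach.
ISR4451# configure terminal
ISR4451(config)# ip domain lookup
ISR4451(config)# ip name-server 192.0.2.53
ISR4451(config)# end

! The router itself must resolve and reach cisco.com; a failure here is the
! name-resolution problem, not a UTD problem.
ISR4451# ping cisco.com

! Retry the manual signature update once name resolution works.
ISR4451# utd threat-inspection signature update server cisco username xxxxx password yyyyy

! Confirm the download and the installed signature package version.
ISR4451# show utd engine standard signature update status
```

If `ping cisco.com` fails with an unknown-host error the name server is unreachable or wrong; if it resolves but times out, the problem is reachability from the router (routing, VRF or an upstream firewall) rather than DNS, and the signature update will keep failing until that is fixed.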