I'm attempting to limit access to network resources across a VPN tunnel but can't seem to get it right. Here's the situation...
1 Terminal Server (OKATERM1)
2 DCs + DNS (OKAMAIN1 & OKASQL1)
I want to allow DNS requests to the 2 DCs and RDP access to the Terminal Server for remote VPN clients. Nothing else is needed. My config looks good (to me), but clearly something is wrong. When I set up the VPN tunnel for testing there is full access to all 3 servers.
Any suggestions or comments are appreciated.
Config info follows:
name 192.168.2.11 OKASQL1
name 192.168.2.10 OKAMAIN1
name 192.168.2.12 OKATERM1
access-list inside_outbound_nat0_acl permit ip 192.168.2.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKAMAIN1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKASQL1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKATERM1 192.168.3.0 255.255.255.0
access-list outside_cryptomap_dyn_40 remark VPN access to DNS
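An added example (not from the original post) of where a restriction like the one described above would normally be expressed. It assumes an ASA running 7.x or later (where group-policy vpn-filter exists), that 192.168.3.0/24 is the remote-client address pool (inferred from the nat0 entries above), and a group policy named VPN_CLIENTS, which is a placeholder.

```cisco
! Added example, not the poster's config. Assumes ASA 7.x+, that 192.168.3.0/24
! is the remote-client pool (inferred from the nat0 ACL), and a group policy
! named VPN_CLIENTS (placeholder name).
!
! The nat0 and cryptomap ACLs only select which traffic is exempted from NAT
! and which is encrypted; they do not filter. With "sysopt connection
! permit-vpn" (the default) decrypted traffic also bypasses the interface ACL,
! so a "permit ip" entry there gives the clients the whole host, not just DNS.
! A vpn-filter applied to the client group policy is where the restriction
! belongs. Its entries are matched with the remote client as source and the
! protected host as destination; "eq" applies to the destination port.
access-list VPN_CLIENT_FILTER remark DNS (UDP and TCP 53) to the two domain controllers only
access-list VPN_CLIENT_FILTER extended permit udp 192.168.3.0 255.255.255.0 host OKAMAIN1 eq domain
access-list VPN_CLIENT_FILTER extended permit tcp 192.168.3.0 255.255.255.0 host OKAMAIN1 eq domain
access-list VPN_CLIENT_FILTER extended permit udp 192.168.3.0 255.255.255.0 host OKASQL1 eq domain
access-list VPN_CLIENT_FILTER extended permit tcp 192.168.3.0 255.255.255.0 host OKASQL1 eq domain
access-list VPN_CLIENT_FILTER remark RDP (TCP 3389) to the terminal server only
access-list VPN_CLIENT_FILTER extended permit tcp 192.168.3.0 255.255.255.0 host OKATERM1 eq 3389
! The implicit deny at the end drops everything else from the client pool,
! including any other port on these three hosts and the rest of 192.168.2.0/24.
!
group-policy VPN_CLIENTS attributes
 vpn-filter value VPN_CLIENT_FILTER
```

After applying it, a quick check is `show vpn-sessiondb remote` for the connected client's group policy and filter name, then an RDP attempt to OKAMAIN1 from the client, which should now fail while DNS lookups still succeed.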
RADIUS and Symantec VIP.
I will use screenshots of ASDM, and at the end I will add the required CLI commands. The diagram below shows the steps the firewall goes through when using 2FA authentication:
As you can see in Fig. 1...