Limited access for vpn connection

We have 3 sites connected with Cisco PIX 515-525-501 site-to-site VPN. We also have 2 Cisco 3005 VPN concentrators for remote users connecting to the system. I will have one remote user that should connect only to one of our servers in order to manage it. The remote users get an internal IP once they log on and they get access to all the servers and PCs like they're in the office. Is there any possibility to block this specific user and give permission for only one server?

Thanks,

Haim Beyhan

haimb@enigma.com

Accepted Solutions

Re: Limited access for vpn connection

Hi,

A much better way to filter the traffic is by using firewall rules. First, assign a separate VPN group for your user(s) that need access to that server. Assign a pool to this group.

Then go to Configuration -> Policy Mgmt -> Rules: add a new rule that will allow traffic from the pool of the group to that specific server (source is the user address, destination is your server). Create another rule for the return traffic.

Create a new Filter (Configuration -> Policy Mgmt -> Filter): Add the two rules created above.

Go back to the remote access group and apply the filter to it (you'll find the Firewall drop-down in the "General" tab) and... VOILA

Rate if all ok.

Cheers.
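
The filter described in the reply above, modelled as an added example (not part of the original reply and not concentrator configuration): two forward rules for the restricted group's pool plus a default action for everything else, with an audit that lists which LAN hosts a pool client can still reach. The addresses, the first-match evaluation and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (assumptions, not taken from the thread)
POOL = ipaddress.ip_network("10.99.0.0/28")     # pool assigned to the restricted VPN group
SERVER = ipaddress.ip_address("192.168.10.20")  # the one server the user may manage
LAN = ipaddress.ip_network("192.168.10.16/29")  # slice of the office LAN used for the audit

@dataclass(frozen=True)
class Rule:
    direction: str              # "in" = VPN client toward the LAN, "out" = back to the client
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str                 # "forward" or "drop"

def host(ip):
    return ipaddress.ip_network(f"{ip}/32")

def build_filter(pool, server):
    """The two rules from the reply: pool -> server, and the return traffic."""
    return [
        Rule("in", pool, host(server), "forward"),
        Rule("out", host(server), pool, "forward"),
    ]

def evaluate(rules, direction, src, dst, default="drop"):
    """First matching rule wins; unmatched traffic gets the filter's default action."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.direction == direction and src in r.src and dst in r.dst:
            return r.action
    return default

def audit(rules, pool, lan, allowed, default="drop"):
    """Return LAN hosts, other than `allowed`, that a pool client could still reach."""
    client = next(pool.hosts())
    return [str(h) for h in lan.hosts()
            if h != allowed and evaluate(rules, "in", client, h, default) == "forward"]

if __name__ == "__main__":
    rules = build_filter(POOL, SERVER)
    print("reachable with default drop:   ", audit(rules, POOL, LAN, SERVER))
    print("reachable with default forward:", audit(rules, POOL, LAN, SERVER, "forward"))
```

The two forward rules only restrict the user when unmatched traffic is dropped; with a forwarding default the audit lists every other host in the sample range as reachable.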
