Remote Access - VPN - ASA - port restriction

blackswans
Level 1

Hi,

Is there a way to restrict the VPN connection to an IP address and a port? I can do an IP address only, but can we restrict it with only one port? I mean, the user should only connect to one port?

Thanks

Accepted Solutions

jason.espino
Level 1

Hello,

You should be able to restrict access for a particular user to a specific destination IP and port by using a vpn-filter.  Here is a link that can help you understand and configure a vpn-filter on your ASA.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

As you can see from the information provided in the link, you can apply the vpn-filter to the group-policy; however, in doing so, ALL users connecting to that group-policy will inherit the vpn-filter and be restricted to what you have defined within the ACL on the filter.  In your case it would be best to simply apply your vpn-filter ACL to the specific user under their attributes.  When that particular user connects, their access will be restricted to what you have configured in the vpn-filter, while all other users will continue to have unrestricted access.

I hope this info helps!

- Jason Espino
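
The per-user vpn-filter described in the answer above, as an added ASA configuration example that is not part of the original post or the linked Cisco document. The ACL name, user name, group-policy name, addresses and port are constructed placeholders, and the user is assumed to exist in the ASA's local user database.

```cisco
! Constructed placeholders: VPN client pool 198.51.100.0/24, inside server
! 192.0.2.10, service tcp/443, local user "user1", ACL VPN-USER1-FILTER.

! In a vpn-filter ACL the remote (VPN client) side goes in the source
! position and the protected host and port in the destination position.
access-list VPN-USER1-FILTER extended permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.10 eq 443
! No further entries: everything else from this user hits the implicit deny.

! Per-user scope: only user1 is restricted to 192.0.2.10:443.
username user1 attributes
 vpn-filter value VPN-USER1-FILTER

! Group-wide alternative (every user on this group-policy inherits the filter):
! group-policy RA-POLICY attributes
!  vpn-filter value VPN-USER1-FILTER

! After user1 reconnects, the ACL hit counters confirm the filter is matching:
! show access-list VPN-USER1-FILTER
```

Keep this ACL dedicated to the vpn-filter rather than also binding it to an interface with access-group.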
