Cisco Support Community
New Member

Remote Access - VPN - ASA - port restriction

Hi,

Is there a way to restrict the VPN connection to an IP address and a port? I can do an IP address only, but can we restrict it with only one port? I mean the user should only connect to one port?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Remote Access - VPN - ASA - port restriction

Hello,

You should be able to restrict access for a particular user to a specific destination IP and port by using a vpn-filter.  Here is a link that can help you understand and configure a vpn-filter on your ASA.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

As you can see from the information provided in the link, you can apply the vpn-filter to the group-policy; however, in doing so ALL users connecting to that group-policy will inherit the vpn-filter and be restricted to what you have defined within the ACL on the filter.  In your case it would be best to simply apply your vpn-filter ACL to the specific user under their attributes.  When that particular user connects, their access will be restricted to what you have configured in the vpn-filter, while all other users will continue to have unrestricted access.

I hope this info helps!

- Jason Espino
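
The per-user approach described in the answer above, as an added configuration example that is not part of the original post or of the linked Cisco document. The ACL name, username, group-policy name, addresses and port are constructed placeholders.

```cisco
! Constructed values: 10.10.10.0/24 = VPN client address pool,
! 192.168.1.50 = internal server, tcp/443 = the one allowed port.
! In a vpn-filter ACL the remote (VPN client) side is the source and
! the local (protected) side is the destination.
access-list VPN-USER1-FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.50 eq 443
! Anything else this user sends is dropped by the ACL's implicit deny.

! Per-user scope: only user1 is restricted.
username user1 attributes
 vpn-filter value VPN-USER1-FILTER

! Group-wide scope, shown commented out for comparison: every user
! who lands on this group-policy would inherit the same restriction.
! group-policy RA-POLICY attributes
!  vpn-filter value VPN-USER1-FILTER
```

Keep this ACL dedicated to the vpn-filter rather than also binding it to an interface with `access-group`. After the user reconnects, `show access-list VPN-USER1-FILTER` shows hit counts on the permit line.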
