Cisco Support Community

Remote VPN and ACL

I am using a Cisco 1811 and have some users who connect via the Cisco remote VPN client. The problem is that I am unable to restrict them. Even though I have blocked their access to only a single host, they are still able to access other VLANs.

ip access-list extended vpn-client-work

permit ip host

permit tcp host eq 80

permit tcp host eq 8080

deny ip any

permit ip any any

#######ACL applied on FA1.1 (having ip address LAN

ip access-group vpn-client-work in

####### ACL applied on FA0 (Public Interface)

ip access-group vpn-client-work in


Re: Remote VPN and ACL

Firstly - I think you have applied the ACL in the wrong direction on fa1.1 - try applying "out".

Secondly - applying the ACL on FA0 will have no impact on the encrypted VPN traffic.

I would try something like:-

crypto isakmp client configuration group <>

acl xxx

access-list xxx permit ip host

access-list xxx permit tcp host eq 80

access-list xxx permit tcp host eq 8080

access-list xxx deny ip any
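
The two points in the reply above (ACL direction on the LAN side, and the public-interface ACL only seeing encrypted packets) can be checked with a small first-match ACL model. This is an added example, not code from the thread: the pool 10.10.10.0/24, the host and public addresses, and the operands filled into the ACL are all constructed, because the thread's real addresses are not shown.

```python
import ipaddress
from collections import namedtuple

# Constructed addressing (assumptions; the thread's addresses are not shown)
POOL = "10.10.10.0/24"        # assumed VPN client pool
ALLOWED = "192.168.1.10/32"   # assumed single permitted host
ANY = "0.0.0.0/0"

Ace = namedtuple("Ace", "action proto src dst port")
Pkt = namedtuple("Pkt", "proto src dst port")

# Assumed shape of an ACL like vpn-client-work, operands filled with constructed values
ACL = [
    Ace("permit", "ip", POOL, ALLOWED, None),
    Ace("permit", "tcp", POOL, "192.168.2.20/32", 80),
    Ace("deny", "ip", POOL, ANY, None),
    Ace("permit", "ip", ANY, ANY, None),
]

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(acl, pkt):
    """First-match evaluation; returns (action, index of the matching entry)."""
    for i, ace in enumerate(acl):
        if ace.proto not in ("ip", pkt.proto):
            continue
        if ace.port is not None and ace.port != pkt.port:
            continue
        if _in(pkt.src, ace.src) and _in(pkt.dst, ace.dst):
            return ace.action, i
    return "deny", None  # implicit deny at the end of every ACL

# One client-to-LAN flow as it appears at each attachment point
inner = Pkt("tcp", "10.10.10.5", "192.168.2.30", 445)     # decrypted, leaving toward the LAN
outer = Pkt("esp", "198.51.100.7", "203.0.113.1", None)   # encrypted form arriving on the public side
reply = Pkt("tcp", "192.168.2.30", "10.10.10.5", 445)     # what actually enters from the LAN

def verdicts():
    return {
        "public_in_encrypted": evaluate(ACL, outer),  # only the catch-all matches
        "lan_in": evaluate(ACL, reply),               # source is a LAN host, not the pool
        "lan_out": evaluate(ACL, inner),              # pool is the source, so the deny is hit
    }

if __name__ == "__main__":
    for where, result in verdicts().items():
        print(where, result)
```

Only the outbound evaluation on the LAN-facing side reaches the entries written for the VPN pool; in the other two placements the packet falls through to the final `permit ip any any`.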
