Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Remote VPN and ACL

I am using CISCO 1811, and have some users connects via cisco remote-vpn-client. the problem is i am unable to restrict them. even though i have blocked there access to only single host, but they are able to access other VLAN .

ip access-list extended vpn-client-work

permit ip 192.168.81.0 0.0.0.255 host 10.0.0.1

permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 80

permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 8080

deny ip 192.168.81.0 0.0.0.255 any

permit ip any any

#######ACL applied on FA1.1 (having ip address 10.0.0.1) LAN

ip access-group vpn-client-work in

####### ACL applied on FA0 (Public Interface)

ip access-group vpn-client-work in

1 REPLY

Re: Remote VPN and ACL

Firstly - I think you have applied the ACL in the wrong direction on fa1.1 - try applying "out"

Secondly - applying the ACL in the FA0 will have no impact on the the encrypted VPN traffic.

I would try something like:-

crypto isakmp client configuration group <>

acl xxx

access-list xxx permit ip 192.168.81.0 0.0.0.255 host 10.0.0.1

access-list xxx permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 80

access-list xxx permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 8080

access-list xxx deny ip 192.168.81.0 0.0.0.255 any

98
Views
0
Helpful
1
Replies
CreatePlease to create content