
Remote VPN client allowed to specific protocol like RDP only

Hi, is it possible to allow or limit the VPN clients to a specific protocol like RDP to the allowed network (internal)? Most of the samples from Cisco allow the IP protocol in the access-list from the internal network to the IP pool, which is then NATed as nat (0). I have tried to allow only the RDP protocol in this access-list and it's not working.

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Remote VPN client allowed to specific protocol like RDP only

Hi Rizaldy, unfortunately vpn-filter is not possible in 6.x code; this feature was introduced in code 7.x and above. You would have to upgrade to code 7.x or above.

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/tz.html#wp1281154

On the other hand, if you already have a tunnel group for VPN clients and you want to limit that whole tunnel group to only RDP and nothing else, you can still do it with your current code with an ACL: not the permit ip, but permit tcp with the TCP port number, source VPN network, destination host. But this strategy will apply to all RA users for that tunnel group, which is not too practical, as opposed to using vpn-filters per user, which allow more control over individual users on the same tunnel group without affecting others.

Regards
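
The per-user restriction described in the answer above, sketched as an added example for ASA/PIX code 7.x or later; it is not configuration posted in the thread. The ACL and group-policy names, the user name, the client pool 10.10.10.0/24 and the RDP host 192.168.1.10 are constructed placeholders.

```cisco
! Constructed example values: VPN pool 10.10.10.0/24, RDP host 192.168.1.10.
! In a vpn-filter ACL the remote (VPN client) side is always written as the
! source and the protected inside resource as the destination.

! Broad form found in most samples: every IP protocol to the inside network.
! access-list VPN-ALL extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0

! Restricted form: only TCP/3389 (RDP) from the pool to one inside host.
! Anything not matched falls through to the implicit deny at the end.
access-list VPN-RDP-ONLY extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 3389

! Option 1: apply the filter to every user that inherits this group policy.
group-policy RA-POLICY internal
group-policy RA-POLICY attributes
 vpn-filter value VPN-RDP-ONLY

! Option 2: apply it to a single, already defined user only, leaving the
! other users of the same tunnel group unaffected.
username rdpuser attributes
 vpn-filter value VPN-RDP-ONLY
```

Keep the ACL used for vpn-filter separate from any ACL bound to an interface with access-group.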

4 REPLIES

Re: Remote VPN client allowed to specific protocol like RDP only


Re: Remote VPN client allowed to specific protocol like RDP only

Thanks George for this link, it is very helpful.

Is it possible on PIX version 6.3?

Regards


Re: Remote VPN client allowed to specific protocol like RDP only

Thanks George...
