Cisco Support Community

New Member

VPN group policy restricting and allowing access to vlans

I have an ASA5520 configured with two group policies, one for Tech Services and another for General Users. We are using hairpinning on our WAN interface, and I want to only allow the Users group access to VLAN 30 internally and WAN access when they are connected to SSL VPN. I have set up the IPv4 filter in the group policy, and restricting access to all other VLANs is working: they are only able to hit IP addresses in VLAN 30, but they have no internet connection. I have tried adding an ACE to the ACL like I did to permit traffic only to VLAN 30, but added another ACE for the WAN interface, and it's not working. How else would I restrict access to an internal VLAN and give web access through the VPN group policy?

2 REPLIES
New Member

VPN group policy restricting and allowing access to vlans

Assuming the IP pool is 192.168.10.0/24 and you are doing tunnelall instead of split-tunnel, you can do:

same-security-traffic permit intra-interface

nat (outside) 1 192.168.10.0 255.255.255.0

global (outside) 1 interface

New Member

Re:VPN group policy restricting and allowing access to vlans

This was resolved by adding an extended ACL, permitting the network of the allowed VLAN and denying access to the rest, and finally an any-to-any IP ACE for WAN access.

Sent from Cisco Technical Support Android App
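The ACE ordering described in the resolution above can be checked offline before it goes on the firewall. This is an added example, not code or configuration from the thread: the VLAN 30 subnet (10.0.30.0/24), the 10.0.0.0/8 internal range, the ACL name USERS_VPN_FILTER and the test addresses are assumptions; only the 192.168.10.0/24 pool comes from the first reply.

```python
import ipaddress

# Assumed addressing: VLAN 30 = 10.0.30.0/24, all internal VLANs inside 10.0.0.0/8.
# ACL name is hypothetical; BEFORE models a filter that only permits VLAN 30.
BEFORE = """
access-list USERS_VPN_FILTER extended permit ip 192.168.10.0 255.255.255.0 10.0.30.0 255.255.255.0
"""
AFTER = """
access-list USERS_VPN_FILTER extended permit ip 192.168.10.0 255.255.255.0 10.0.30.0 255.255.255.0
access-list USERS_VPN_FILTER extended deny ip 192.168.10.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list USERS_VPN_FILTER extended permit ip any any
"""

def _take_network(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Return [(action, src_net, dst_net)] for 'extended permit|deny ip' ACEs."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or tokens[2] != "extended" or tokens[4] != "ip":
            raise ValueError(f"unsupported ACE: {line}")
        action, rest = tokens[3], tokens[5:]
        aces.append((action, _take_network(rest), _take_network(rest)))
    return aces

def evaluate(aces, src, dst):
    """First matching ACE wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in aces:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def verdicts(acl_text, client="192.168.10.25"):
    """Check a VLAN 30 host, another internal VLAN, and an Internet address."""
    aces = parse_acl(acl_text)
    targets = {"vlan30": "10.0.30.10", "other_vlan": "10.0.40.10", "internet": "198.51.100.7"}
    return {name: evaluate(aces, client, ip) for name, ip in targets.items()}

if __name__ == "__main__":
    print("before:", verdicts(BEFORE), "\nafter: ", verdicts(AFTER))
```

The deny for the remaining internal ranges has to sit above the any-to-any permit; with the order reversed, the first-match rule would let the Users group reach every VLAN.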
