topic Re: Can you create a limited client VPN access? in Network Security https://community.cisco.com/t5/network-security/can-you-create-a-limited-client-vpn-access/m-p/949920#M937075 <HTML><HEAD></HEAD><BODY><P>You have to add in the nonat the segments that the your provider can access like this.</P><P></P><P>access-list nonat extended permit ip host 10.1.3.11 192.168.0.0 255.255.255.0</P><P></P><P></P><P>or if you use the split tunnel you can control it int his cacces list.</P><P></P><P>like this.</P><P>access-list VPN_PROVEEDOR1_SPLIT extended permit ip 10.1.3.11 255.255.255.255 192.168.0.0 255.255.255.0</P><P></P><P>split-tunnel-network-list value VPN_PROVEEDOR1_SPLIT</P><P></P><P>or may be you can use access-list in your router gateway.</P><P></P><P></P><P></P><P></P></BODY></HTML> Thu, 29 May 2008 14:29:50 GMT arturo.guzman 2008-05-29T14:29:50Z Can you create a limited client VPN access? https://community.cisco.com/t5/network-security/can-you-create-a-limited-client-vpn-access/m-p/949919#M937073 <P>My vendor wants to use client VPN to access my network but I want to limit them to access one IP 192.168.1.1 using port 443. What change do I need to made?</P><P></P><P>Here is the short version of config.</P><P></P><P>interface ethernet0 </P><P>ip address 10.10.4.200 255.255.0.0 </P><P>nameif outside </P><P></P><P>isakmp policy 1 authentication pre-share </P><P>isakmp policy 1 encryption 3des </P><P>isakmp policy 1 hash sha </P><P>isakmp policy 1 group 2 </P><P>isakmp policy 1 lifetime 43200 </P><P></P><P>isakmp enable outside </P><P></P><P>ip local pool testpool 192.168.0.10-192.168.0.15 </P><P></P><P>username testuser password 12345678 </P><P></P><P>crypto ipsec transform set FirstSet esp-3des esp-md5-hmac </P><P></P><P>tunnel-group testgroup type ipsec-ra </P><P>tunnel-group testgroup general-attributes </P><P>address-pool testpool </P><P>tunnel-group testgroup ipsec-attributes </P><P>pre-shared-key xxx </P><P></P><P>crypto dynamic-map dyn1 1 set transform-set FirstSet </P><P>crypto dynamic-map dyn1 1 set reverse-route </P><P></P><P>crypto map mymap 1 ipsec-isakmp dynamic dyn1 </P><P>crypto map mymap interface outside </P><P></P><P></P> Mon, 11 Mar 2019 12:52:00 GMT https://community.cisco.com/t5/network-security/can-you-create-a-limited-client-vpn-access/m-p/949919#M937073 donlin123 2019-03-11T12:52:00Z Re: Can you create a limited client VPN access? https://community.cisco.com/t5/network-security/can-you-create-a-limited-client-vpn-access/m-p/949920#M937075 <HTML><HEAD></HEAD><BODY><P>You have to add in the nonat the segments that the your provider can access like this.</P><P></P><P>access-list nonat extended permit ip host 10.1.3.11 192.168.0.0 255.255.255.0</P><P></P><P></P><P>or if you use the split tunnel you can control it int his cacces list.</P><P></P><P>like this.</P><P>access-list VPN_PROVEEDOR1_SPLIT extended permit ip 10.1.3.11 255.255.255.255 192.168.0.0 255.255.255.0</P><P></P><P>split-tunnel-network-list value VPN_PROVEEDOR1_SPLIT</P><P></P><P>or may be you can use access-list in your router gateway.</P><P></P><P></P><P></P><P></P></BODY></HTML> Thu, 29 May 2008 14:29:50 GMT https://community.cisco.com/t5/network-security/can-you-create-a-limited-client-vpn-access/m-p/949920#M937075 arturo.guzman 2008-05-29T14:29:50Z