topic Re: VPN Network restrictions in Network Security https://community.cisco.com/t5/network-security/vpn-network-restrictions/m-p/831316#M974232 <HTML><HEAD></HEAD><BODY><P>Take a look at this document. </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml</A></P><P></P><P>It explains how to create a vpn-filter acl which is assigned to the tunnel-group to restrict traffic. </P><P></P><P>Your other option is to write the access in your outside acl. But to do this you must remove sysopt connection permit-ipsec/vpn. </P><P></P><P>Let us know if you need any more help.</P><P></P><P>Please rate helpful posts. </P></BODY></HTML> Thu, 27 Sep 2007 11:58:13 GMT acomiskey 2007-09-27T11:58:13Z VPN Network restrictions https://community.cisco.com/t5/network-security/vpn-network-restrictions/m-p/831315#M974231 <P>My situation (I'm very new to Cisco and networking)</P><P>My company has some consultants who will be using the software VPN (not the SSL) to access our network through an ASA 5510.</P><P>I created a VPN for them and a group policy that hands out 192.168.12.xxx which is unique in our network.</P><P>I am trying to limit them to only 3 servers. So far I tried to set group policies, the VPN wizard, and even created an ACL in the ASA to limit 192.168.12.xxx to only the three server ip's but when I test it, it allows me to browse the entire network, we cant really use ACLs in the network to limit access and counting on AD to limit access isn't trusted enough.</P><P>Does the ASA 5510 have the ability to limit network access per each VPN group?</P><P>Is this a NAT rule maybe?</P> Mon, 11 Mar 2019 11:17:48 GMT https://community.cisco.com/t5/network-security/vpn-network-restrictions/m-p/831315#M974231 ucnsbstaff 2019-03-11T11:17:48Z Re: VPN Network restrictions https://community.cisco.com/t5/network-security/vpn-network-restrictions/m-p/831316#M974232 <HTML><HEAD></HEAD><BODY><P>Take a look at this document. </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080641a52.shtml</A></P><P></P><P>It explains how to create a vpn-filter acl which is assigned to the tunnel-group to restrict traffic. </P><P></P><P>Your other option is to write the access in your outside acl. But to do this you must remove sysopt connection permit-ipsec/vpn. </P><P></P><P>Let us know if you need any more help.</P><P></P><P>Please rate helpful posts. </P></BODY></HTML> Thu, 27 Sep 2007 11:58:13 GMT https://community.cisco.com/t5/network-security/vpn-network-restrictions/m-p/831316#M974232 acomiskey 2007-09-27T11:58:13Z