479 Views, 5 Helpful, 1 Reply

Limiting outbound traffic to Cisco VPN clients/Users

George-Sl (Level 1)

I want to limit/filter/drop traffic that is initiated from inside my network (behind the firewall) and headed to the Cisco VPN tunnel network/users. Basically, I always want the Cisco VPN users to have access to the resources behind the firewall (inside interface), not the inside to them; the flow should be initiated from the Cisco VPN client address space, not the opposite.

I assigned the range 192.168.10.x/24 to the Cisco VPN clients; they access the subnet 172.16.1.x/24, which is behind the firewall. How can I drop connections that are initiated from 172.16.1.x/24? If I use an access list, it drops even flows that were started from outside inward, on their way back.

Thank you so much.

Accepted Solution

You can use VPN filtering for this.

access-list AC-VPN-FILTER remark vpn-filter ACLs: VPN client pool in the source position, local network in the destination
access-list AC-VPN-FILTER remark applied to both directions, with src/dst swapped for traffic entering the tunnel
access-list AC-VPN-FILTER extended permit ip 192.168.10.0 255.255.255.0 172.16.1.0 255.255.255.0
group-policy AC-GrpPolicy internal
group-policy AC-GrpPolicy attributes
  vpn-filter value AC-VPN-FILTER

--
Please remember to select a correct answer and rate helpful posts
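The following Python model is an added illustration and is not code from this thread or Cisco's implementation. It encodes the vpn-filter behaviour Cisco documents for the ASA: the ACL is written with the VPN client pool as source and the local network as destination; a new connection arriving from the tunnel (post-decryption) is matched as written, and a new connection heading into the tunnel (pre-encryption) is matched with the source and destination positions swapped. It evaluates three constructed ACLs (an ACE with the inside network in the source position, the same ACE with the client pool as source, and a tcp/443-only variant) against three constructed connection attempts, so you can see what each direction actually gets before committing a filter to a group policy. Hosts 192.168.10.5 and 172.16.1.20 and all ports are assumptions made for the example; only new connections are modelled, since the ASA passes return packets of an established connection from its connection table without re-checking the ACL.

```python
"""Model of how a Cisco ASA evaluates a vpn-filter ACL in each direction.

Added example: not code from the thread and not Cisco's implementation. It
follows Cisco's documented vpn-filter semantics (client pool as ACE source,
ACE applied with src/dst swapped to traffic entering the tunnel). Only new
connections are modelled. All addresses, ports and flows are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int] = None   # None: any port (no "eq" qualifier)


@dataclass(frozen=True)
class Flow:
    """A new connection attempt, seen from the initiator."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_ace(line: str) -> Ace:
    """Parse the subset of 'access-list NAME extended ...' syntax used here:
    permit|deny PROTO SRC MASK DST MASK [eq PORT]."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError(f"unsupported ACE: {line}")
    src = ipaddress.IPv4Network(f"{tok[5]}/{tok[6]}")
    dst = ipaddress.IPv4Network(f"{tok[7]}/{tok[8]}")
    port = int(tok[10]) if len(tok) > 10 and tok[9] == "eq" else None
    return Ace(tok[3], tok[4], src, dst, port)


def _hit(ace: Ace, proto: str, s_ip: str, d_ip: str, d_port: int) -> bool:
    if ace.proto != "ip" and ace.proto != proto:
        return False
    if ipaddress.IPv4Address(s_ip) not in ace.src:
        return False
    if ipaddress.IPv4Address(d_ip) not in ace.dst:
        return False
    return ace.dst_port is None or ace.dst_port == d_port


def evaluate(acl: List[Ace], flow: Flow, client_pool: ipaddress.IPv4Network) -> str:
    """Return 'permit' or 'deny' for a new connection. Direction is decided by
    whether the initiator is a VPN client (post-decryption) or an inside host
    (pre-encryption)."""
    from_client = ipaddress.IPv4Address(flow.src_ip) in client_pool
    for ace in acl:
        if from_client:
            matched = _hit(ace, flow.proto, flow.src_ip, flow.dst_ip, flow.dst_port)
        else:
            # Swapped positions: the ACE source is compared with the packet's
            # destination (the client) and the ACE destination port with the
            # inside host's SOURCE port. This is the documented side effect.
            matched = _hit(ace, flow.proto, flow.dst_ip, flow.src_ip, flow.src_port)
        if matched:
            return ace.action
    return "deny"  # implicit deny at the end of every ASA ACL


CLIENT_POOL = ipaddress.IPv4Network("192.168.10.0/24")

# Three constructed ACLs for the thread's address ranges.
ACL_INSIDE_SRC = [parse_ace("access-list AC-VPN-FILTER extended permit ip "
                            "172.16.1.0 255.255.255.0 192.168.10.0 255.255.255.0")]
ACL_CLIENT_SRC = [parse_ace("access-list AC-VPN-FILTER extended permit ip "
                            "192.168.10.0 255.255.255.0 172.16.1.0 255.255.255.0")]
ACL_HTTPS_ONLY = [parse_ace("access-list AC-VPN-FILTER extended permit tcp "
                            "192.168.10.0 255.255.255.0 172.16.1.0 255.255.255.0 eq 443")]

# Constructed connection attempts (hypothetical hosts 192.168.10.5 and 172.16.1.20).
FLOWS = {
    "client->inside:443": Flow("tcp", "192.168.10.5", 51000, "172.16.1.20", 443),
    "inside->client:22": Flow("tcp", "172.16.1.20", 40000, "192.168.10.5", 22),
    "inside:443->client": Flow("tcp", "172.16.1.20", 443, "192.168.10.5", 60000),
}


def report(acl: List[Ace]) -> Dict[str, str]:
    """Verdict for every constructed flow under the given vpn-filter ACL."""
    return {name: evaluate(acl, flow, CLIENT_POOL) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for label, acl in [("inside network as source", ACL_INSIDE_SRC),
                       ("client pool as source", ACL_CLIENT_SRC),
                       ("tcp/443 only", ACL_HTTPS_ONLY)]:
        print(label)
        for name, verdict in report(acl).items():
            print(f"  {name:20} {verdict}")
```

Under the modelled rules the ACE with the inside network in the source position matches nothing in either direction and the implicit deny drops every flow. With the client pool as source, `permit ip` is matched in both directions, so an inside host initiating SSH to a client is permitted just as the client's HTTPS session is; a vpn-filter written as a plain `permit ip` therefore does not by itself give the one-way policy asked for in the question. Narrowing the ACE to `tcp ... eq 443` denies inside-initiated connections except the documented corner case where the inside host's source port happens to be 443. For a strictly one-way policy on an ASA, an inbound ACL on the inside interface that denies 172.16.1.0/24 to 192.168.10.0/24 is the stateful option: interface ACLs are checked only for new connections, and return packets of a client-initiated connection are forwarded from the connection table.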
