
Limiting outbound traffic to Cisco VPN clients/Users

I want to limit/filter/drop traffic that is initiated from the inside of my network (behind the firewall) heading to the Cisco VPN tunnel network/users. Basically, I always want the Cisco VPN users to have access to the resources behind the firewall (inside interface), not the inside to them; there should only be flows initiated from the Cisco VPN client address space, not the opposite.

I assigned the range 192.168.10.x/24 to the Cisco VPN clients; they are accessing the subnet 172.16.1.x/24, which is behind the firewall. How can I drop connections that are initiated from 172.16.1.x/24? If I use an access list it drops even flows that are started from outside inward on their way back.


thank you so much

Accepted Solution

Re: Limiting outbound traffic to Cisco VPN clients/Users

You can use VPN filtering for this.

access-list AC-VPN-FILTER extended permit ip 172.16.1.0 255.255.255.0 192.168.10.0 255.255.255.0

group-policy AC-GrpPolicy internal

group-policy AC-GrpPolicy attributes

  vpn-filter value AC-VPN-FILTER

--
Please remember to rate and select a correct answer