05-20-2009 01:22 AM - edited 02-21-2020 03:28 AM
Hi,
This is a weird request as it flies in the face of the purpose of VPN clients, but I have my reasons:
We don't like Split-T but we have a userbase on a customer site that require it. I have made a special profile for them but they tend to hand out the .pcf to others as well as using it from home, etc. So I want to tie this group policy to a single source address.
Termination device is a 5520 with 8.x
Can it be done in the crypto definition or do I need to use an ACL entry on the outside interface?
Many thanks in advance,
Mike
05-20-2009 01:49 PM
Hi Mike,
Have a look at this complete link on implementing digital certificates for controlling your VPN RA users' authorized sources. You can also have the ASA as a local CA server as opposed to using a third party.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html#wp1002608
Regards
05-20-2009 05:14 PM
Thanks jorgemcse,
A bit low on time to read that whole doco right now so I won't rate your post. But thanks anyway and it will be good to investigate using the ASA as a local CA server on top of my current issue.
Regards,
Mike