02-16-2005 04:00 PM - edited 02-20-2020 11:58 PM
Hi,
How do I restrict vpn client access to certain servers on the inside network?
I can do it using access lists on the inside interface from the Lan servers to the vpn client but how do I restrict access the other way?
Sample:
VPN Client 10.10.10.1
Lan server : 192.168.1.1
Only allow vpn client to talk to the inside server using telnet. All other ports blocked.
Cheers,
Taff
02-16-2005 09:14 PM
You apply the crypto map on the outside interface of the PIX (mostly)... so if the server is on a DMZ or inside interface, you can define an ACL on the PIX, applied in the inbound direction, that blocks all traffic from the respective servers going to the 10.10.10.0 network. Use an extended ACL for more granularity as far as port information.
HTH
02-16-2005 10:40 PM
Thanks for the reply.
I already have this setup but can only restrict access on an ip level from the server to the client.
Issue with this setup is that if you want to restrict access to say just telnet from the vpn client to the server you don't know what port the server will reply to and therefore can't block or allow access as the server destination port won't be port 23.
Is there another way of doing this?
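One way to get the client-to-server restriction the thread is asking for, as an added example that is not part of any post in the thread: filter in the direction the connection is initiated (VPN client to server) rather than from the server side, so the stateful PIX lets the server's replies back on whatever source port it uses. This assumes a PIX 6.x with the VPN terminating on the outside interface, the client pool 10.10.10.0/24 and the server 192.168.1.1 from the original question, and an ACL name (vpn_to_inside) chosen here; any other inbound traffic the outside interface already permits would need its own permit lines in the same ACL.

```cisco
! Assumed example: PIX 6.x, not configuration from the thread.
! Decrypted IPsec traffic normally bypasses the outside interface ACL;
! turning that bypass off makes VPN client traffic subject to the ACL.
no sysopt connection permit-ipsec

! Allow only telnet (tcp/23) from the VPN client pool to the one server.
access-list vpn_to_inside permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.1 eq telnet
! Everything else from the client pool is dropped and logged.
access-list vpn_to_inside deny ip 10.10.10.0 255.255.255.0 any log

! Apply the ACL inbound on the interface the VPN clients arrive on.
access-group vpn_to_inside in interface outside
```

Because the firewall tracks the TCP session, the server's reply (source port 23, random destination port on the client) is permitted as part of the existing connection, so no return-direction ACL entry is needed on the inside interface; the deny line with `log` also gives a record of blocked attempts from the client pool.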