02-26-2002 10:40 AM - edited 03-08-2019 09:55 PM
I want to lock down a VPN group to one internal IP address/server only. No access to the rest of the LAN whatsoever. Can I do this and if so, how? (Cisco 3030 VPN using Cisco 3.1.1 client).
Thanks for any help or pointers.
02-26-2002 11:24 AM
You should be able to create a separate network list and put a single IP address and wildcard (192.168.1.10/255.255.255.255). Then under your VPN group select that network list as the split tunneling network list. You'll probably want to select "Only tunnel networks in list" in the split tunneling policy.
Hope this helps.
02-26-2002 12:10 PM
Split tunnelling (at least as described here) only tunnels the designated network; in other words, the rest of the traffic doesn't pass thru the tunnel, and is completely unrestricted. I want to be able to lock this user group down to accessing a single IP inside our corporate network and not be able to do/see/touch anything else. (These are third-party individuals who need access to something residing on one specific server and we don't want them to see/touch anything else).
Is that possible? How?
Thanks!
~Lila
03-09-2002 08:13 PM
You can set up a rule defining the group using the IP address of the server you want them to be able to reach, and in the action button you select forward in; then set up a filter and select the rule from the drop-down menu into the filter.
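Added example, not part of any post in this thread and not Cisco's code: a simplified Python model of the two controls discussed above, showing that a split tunneling list only chooses a path for traffic while a filter with a single forward rule decides what the group can reach. The LAN range, the rule format, the function names and the default drop action are assumptions made for illustration; ports and protocols are ignored.

```python
import ipaddress

SERVER = ipaddress.ip_network("192.168.1.10/32")  # server address used in the thread
LAN = ipaddress.ip_network("192.168.1.0/24")      # constructed: assumed internal LAN

def split_tunnel_route(dst, tunnel_list):
    """Client-side path choice under 'Only tunnel networks in list'.

    Traffic outside the list is not blocked, it simply bypasses the tunnel.
    """
    addr = ipaddress.ip_address(dst)
    return "tunnel" if any(addr in net for net in tunnel_list) else "direct"

def filter_action(dst, rules, default="drop"):
    """Group filter model: first matching rule wins, unmatched traffic
    gets the default action (assumed here to be drop)."""
    addr = ipaddress.ip_address(dst)
    for net, action in rules:
        if addr in net:
            return action
    return default

def reachable_hosts(rules, scope, default="drop"):
    """Audit helper: list every address in scope that the filter forwards."""
    return [str(h) for h in scope.hosts()
            if filter_action(str(h), rules, default) == "forward"]

# One forward rule for the single server, as described in the last reply.
RULES = [(SERVER, "forward")]

if __name__ == "__main__":
    # Constructed destinations: the server, a LAN neighbour, an Internet host.
    for dst in ("192.168.1.10", "192.168.1.11", "203.0.113.5"):
        print(dst,
              "route:", split_tunnel_route(dst, [SERVER]),
              "| filter:", filter_action(dst, RULES))
    print("forwarded inside LAN:", reachable_hosts(RULES, LAN))
```

Running the audit helper against the real internal ranges after any filter change is a quick way to confirm the group still reaches exactly one host.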