08-15-2006 12:22 PM - edited 03-09-2019 03:54 PM
Hi All,
I am fairly new to the world of PIX/ASA. I have an ASA 5510. I have set up VPN and such and managed to get it all going OK with the help of a few folks in these forums. I have another question though. I have a vendor that needs access to a few servers inside my network. I understand that I can make a different tunnel group and group policy for their VPN use. I have created a different pool and such for them. I used the wizard to create the new VPN group and such. When I got to the question where it states what hosts or networks you would like allowed to this VPN group, I put in the hosts that I would like the group to access. Well, when I go in with this vendor group and such, I am still allowed to ping or remote into any hosts I wish. Is this correct? I noticed it places the following into the config:
access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248
access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248
access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248
access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248
Is there something wrong with the config?
TIA,
R
08-15-2006 07:11 PM
Hi, when you add the hosts, make sure their subnet mask is 255.255.255.255; otherwise you might be allowing access to the whole subnet.
I hope it helps. Please rate it if it does!
08-15-2006 10:48 PM
Make sure the pool you created is subnetted correctly and both pools are in different subnets.
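The two checks suggested in the replies above (host entries with a 255.255.255.255 mask, and address pools in separate subnets) can be run over the ACL lines offline. This is an added example, not part of the original thread or of any Cisco tool; the server addresses and the list of other pools are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def parse_endpoint(tokens):
    """Consume one ASA address spec (any | host A | A MASK) from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # strict=False: accept an address with host bits set, as a mistyped mask gives
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}", strict=False)

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny ip LOCAL REMOTE'."""
    t = line.split()
    if len(t) < 7 or t[0] != "access-list" or t[2] != "extended" or t[4] != "ip":
        raise ValueError(f"unsupported ACL line: {line!r}")
    rest = t[5:]
    return t[3], parse_endpoint(rest), parse_endpoint(rest)

def audit(acl_lines, vendor_pool, other_pools):
    """Return (kind, network) findings for the two checks from the replies."""
    findings = []
    pool = ipaddress.ip_network(vendor_pool)
    for line in acl_lines:
        action, local, _remote = parse_ace(line)
        # A permit whose local side is wider than /32 opens more than one host.
        if action == "permit" and local.prefixlen != 32:
            findings.append(("wide-local-entry", local))
    for other in map(ipaddress.ip_network, other_pools):
        if pool.overlaps(other):
            findings.append(("pool-overlap", other))
    return findings

# Constructed sample: the 10.1.1.x servers and OTHER_POOLS are made up;
# the ACL name and the vendor pool 192.168.50.248/29 come from the post.
SAMPLE_ACL = [
    "access-list outside_cryptomap_dyn_40 extended permit ip "
    "host 10.1.1.10 192.168.50.248 255.255.255.248",
    "access-list outside_cryptomap_dyn_40 extended permit ip "
    "10.1.1.20 255.255.255.0 192.168.50.248 255.255.255.248",
]
OTHER_POOLS = ["192.168.50.0/24", "192.168.60.0/24"]

if __name__ == "__main__":
    for kind, net in audit(SAMPLE_ACL, "192.168.50.248/29", OTHER_POOLS):
        print(f"{kind}: {net} ({net.num_addresses} addresses)")
```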