Server restriction

rhltechie
Level 1

Hi All,

I am fairly new to the world of PIX/ASA. I have an ASA 5510. I have set up VPN and such and managed to get it all going OK with the help of a few folks in these forums. I have another question though. I have a vendor that needs access to a few servers inside my network. I understand that I can make a different tunnel group and group policy for their VPN use. I have created a different pool and such for them. I used the wizard to create the new VPN group and such. When I got to the question where it states what hosts or networks you would like allowed to this VPN group, I put in the hosts that I would like the group to access. Well, when I go in with this vendor group and such, I am still allowed to ping or remote into any hosts I wish. Is this correct? I noticed it places the following into the config:

access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248

access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248

access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248

access-list outside_cryptomap_dyn_40 extended permit ip host <server ip> 192.168.50.248 255.255.255.248

Is there something wrong with the config?

TIA,

R

2 Replies

Fernando_Meza
Level 7

Hi .. when you add the hosts, make sure their subnet mask is 255.255.255.255; otherwise you might be allowing access to the whole subnet.

I hope it helps .. please rate it if it does!!!
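A quick way to audit the point above, added here as an example that is not part of the post or of any Cisco tool: it parses ASA crypto-map ACL lines and flags permit entries whose inside (non-pool) side covers more than a single host, which is exactly what a missing 255.255.255.255 mask produces. The ACL name, server addresses and pool are constructed sample values.

```python
import ipaddress
import re

# Constructed sample ACL (not the poster's config): one correct host entry,
# one that accidentally opens a whole /24, and one that opens everything.
SAMPLE_ACL = """\
access-list outside_cryptomap_dyn_40 extended permit ip host 10.1.1.10 192.168.50.248 255.255.255.248
access-list outside_cryptomap_dyn_40 extended permit ip 10.1.1.0 255.255.255.0 192.168.50.248 255.255.255.248
access-list outside_cryptomap_dyn_40 extended permit ip any 192.168.50.248 255.255.255.248
"""

def parse_endpoint(tokens):
    """Consume one ASA address spec ('host A', 'any' or 'A MASK'); return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # ASA writes a dotted netmask, which ipaddress accepts as 'A/MASK'.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny PROTO SRC DST' into a dict, or None if not an ACE."""
    m = re.match(r"access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.*)$", line.strip())
    if not m:
        return None
    name, action, proto, rest = m.groups()
    src, rest = parse_endpoint(rest.split())
    dst, _ = parse_endpoint(rest)
    return {"acl": name, "action": action, "proto": proto, "src": src, "dst": dst}

def audit_vendor_acl(config_text, vendor_pool):
    """Return (ace line, address count) for permit entries whose inside side is wider than one host."""
    pool = ipaddress.ip_network(vendor_pool)
    findings = []
    for line in config_text.splitlines():
        ace = parse_ace(line)
        if ace is None or ace["action"] != "permit":
            continue
        # Whichever side is not the vendor pool is the inside side the vendor can reach.
        inside = ace["src"] if ace["dst"] == pool else ace["dst"]
        if inside.num_addresses > 1:
            findings.append((line.strip(), inside.num_addresses))
    return findings

if __name__ == "__main__":
    for ace_line, count in audit_vendor_acl(SAMPLE_ACL, "192.168.50.248/29"):
        print(f"{count} inside addresses reachable: {ace_line}")
```

Run it against `show running-config access-list` output for the vendor's crypto-map ACL; any entry it reports reaches more than the single server you intended.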

jay.mcgown
Level 1

Make sure the pool you created is subnetted correctly and both pools are in different subnets.