09-07-2016 02:54 AM - edited 03-12-2019 01:14 AM
Hello, everybody!
I have ASA 5506 and VPN L2TP Server on it. Everything works fine.
My internal network is 10.0.0.0/24, VPN IPs scope is 10.0.0.160-10.0.0.230.
I have to limit all the access for VPN clients for internal resources, except RDP to two servers.
I've created two rules for VPN Clients in outside section:
1st - allow VPN clients scope access to servers on port tcp/3389
2nd - deny VPN clients scope access to any
The problem is that, regardless of my rules mentioned above, VPN clients have all the access to internal resources.
I have tried to split internal range 10.0.0.0/24 in two scopes: 10.0.0.1-10.0.0.159 and 10.0.0.231.
The problem still exists. Please, take a look at the screenshot provided.
Do you have any ideas how to solve the problem?
Many thanks in advance,
Ilya