02-06-2008 08:30 AM - edited 03-03-2019 08:35 PM
Hi there, I have been trying to get a security feature to work on the Cisco 875w router. Basically the router has built-in VPN authentication, and 6 of these routers are placed in 6 remote workers' homes. We want to block all MAC addresses from being able to access the VPN tunnel and then manually allow the workers' MAC addresses to access the corporate network. I have tried setting up a 700 range ACL and placing it on a virtual-template assigned to the easyvpn connection etc. Is there something I am doing wrong, or is there a better way of trying to filter who gets to send traffic via the VPN connection? Thanks in advance, Lee.
02-06-2008 01:51 PM
Hi, the problem is that you cannot use a layer 2 ACL when routing.
One method can be the following:
- disable ARP under the VLAN interface
- set up static ARP entries for the workers' PCs
- set up the allowed IP as an input ACL on the VLAN
- statically configure the above-said IP on the PC
Hope this helps, please rate post if it does!
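The four steps in the reply above, sketched as an IOS configuration fragment; this is an added example, not part of the original post. The interface name `Vlan1`, ACL number 10, and the IP/MAC pair are constructed placeholders, and it assumes the platform accepts `no arp arpa` on the VLAN interface.

```cisco
! Constructed values: 192.168.10.10 / 0011.2233.4455 stand in for one worker PC.
! Repeat the ACL permit line and the static ARP line for each allowed PC.
!
! Step 3: standard ACL listing the allowed source IPs; everything else is dropped and logged.
access-list 10 permit host 192.168.10.10
access-list 10 deny   any log
!
! Step 2: static ARP entry binding the allowed IP to the worker PC's MAC address.
arp 192.168.10.10 0011.2233.4455 arpa
!
interface Vlan1
 ! Step 1: stop dynamic ARP on the LAN interface so only the static entries resolve.
 no arp arpa
 ! Step 3 (continued): apply the ACL to traffic entering the router from the LAN.
 ip access-group 10 in
!
! Step 4 is done on the PC itself: configure 192.168.10.10 as its static address.
```

This restricts which IP/MAC pairs the router will forward for; it does not authenticate the device behind them.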
02-07-2008 01:29 AM
Hi, thanks for the reply. I can't really statically assign IP addresses on the PCs, as the remote workers come into the main office regularly and the subnet for the remote routers is VLSM to a different subnet mask. Also, other remote workers visit other remote workers' houses, and we have about 30 machines in total and the VLSM is only configured for 16 addresses (14 usable, 13 with a router reserve). So confusing; I've spoken to my CCNA tutor about it too, both stumped. So is that the only way that it can be done? What about Cisco Secure Access Control Server Express, or is that too over the top for what I'm trying to achieve?