11-30-2018 02:11 PM - edited 03-12-2019 05:32 AM
Can someone help me with an issue I'm trying to resolve.
I want to deny VPN users access to some of our internal networks that we are migrating to a new company.
Internal networks as defined:
179.5.0.0 255.255.0.0
10.0.0.0 255.0.0.0
But now I need to make certain subnets, like 179.5.20.0/24 and 10.10.23.0/24, unreachable by VPN users.
11-30-2018 02:18 PM
Are you using an ASA firewall? What type of VPN, I assume Remote Access VPN using AnyConnect?
If ASA, you probably need to configure VPN Filter, example here.
11-30-2018 02:32 PM
Yes, I use an ASA firewall. An update to this is that we want to deny all VPN access to those networks, not just AnyConnect clients.
11-30-2018 07:52 PM
11-30-2018 08:38 PM
Each VPN type has an associated configuration that defines which networks are accessible.
SSL VPN (AnyConnect) uses an ACL that's called out under "tunnel-specified" in the group-policy section of the configuration.
Site-to-site VPNs use a different ACL that's called out in the crypto map associated with a given remote peer.
Change the ACLs and you change the accessible networks.
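The VPN filter approach suggested earlier in the thread, as an added example that is not from the original posts: one ACL denies the two migrating subnets for both AnyConnect and site-to-site users, applied through a group-policy. The ACL and group-policy names, the AnyConnect tunnel-group name and the 203.0.113.10 peer address are assumed placeholders; in a real deployment you would usually add the vpn-filter line to the group-policy the tunnel-groups already use.

```cisco
! Added example, not from the thread. VPN-FILTER-ACL, GP-MIGRATION, ANYCONNECT-TG
! and the 203.0.113.10 peer are assumed placeholders.
! A vpn-filter ACL is written from the remote side's point of view:
! source = VPN client / remote peer, destination = local network.
! Most-specific entries go first; the ASA stops at the first match.
access-list VPN-FILTER-ACL remark Subnets moving to the new company: blocked for all VPN users
access-list VPN-FILTER-ACL extended deny ip any 179.5.20.0 255.255.255.0
access-list VPN-FILTER-ACL extended deny ip any 10.10.23.0 255.255.255.0
access-list VPN-FILTER-ACL remark Everything else in the internal ranges stays reachable
access-list VPN-FILTER-ACL extended permit ip any 179.5.0.0 255.255.0.0
access-list VPN-FILTER-ACL extended permit ip any 10.0.0.0 255.0.0.0
! The implicit deny at the end drops anything else; add permits here if
! clients also need other traffic (e.g. Internet) through the tunnel.
!
! Apply the filter in a group-policy ...
group-policy GP-MIGRATION internal
group-policy GP-MIGRATION attributes
 vpn-filter value VPN-FILTER-ACL
!
! ... and attach that group-policy to each VPN type so the deny applies to all of them.
! Remote-access (AnyConnect) tunnel-group (name assumed):
tunnel-group ANYCONNECT-TG general-attributes
 default-group-policy GP-MIGRATION
! Site-to-site peer (RFC 5737 documentation address used as a placeholder):
tunnel-group 203.0.113.10 general-attributes
 default-group-policy GP-MIGRATION
```

After applying it, `show access-list VPN-FILTER-ACL` shows per-entry hit counts, so a VPN client that tries to reach 179.5.20.0/24 increments the deny line rather than the permit line.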