Help with allowing SSL VPN users acces to VLAN2 from VLAN1

jeffrey77
Level 1

I am trying to find a way of allowing some users connecting via SSL VPN (AnyConnect) to reach a PC on VLAN 2, but not all VPN users.

The second VLAN is used for a credit card machine and is set up with a reflexive ACL as below:

(Cisco 891)

interface Vlan2
 description Credit Card LAN
 ip address 192.168.2.1 255.255.255.0
 ! "in" = traffic from VLAN2 hosts into the router, "out" = traffic toward VLAN2 hosts
 ip access-group VLAN2 in
 ip access-group VLAN2_REFLEXIVE out
 ip nat inside
 ip ips IPS4PCI in
 ip ips IPS4PCI out
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
! VLAN2 hosts may open anything; each session is recorded in the reflexive list REFLEXIVE
ip access-list extended VLAN2
 permit ip any any reflect REFLEXIVE timeout 300
!
! only return traffic for sessions VLAN2 opened gets back in; everything else is implicitly denied
ip access-list extended VLAN2_REFLEXIVE
 evaluate REFLEXIVE
!
ip access-list extended natlist
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.2.0 0.0.0.255 any

I need to keep the two separate for PCI compliance but also need to allow a couple of users access to BOTH VLANs.

Any ideas or suggestions?

1 Reply

andrew.prince
Level 10

I would create a specific SSL VPN group for these special users, assign a different IP range, then allow that range only.

HTH.
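The approach in the reply above, written out as an added IOS configuration sketch for the thread (not posted by either participant). It assumes a second AnyConnect (webvpn) context for the PCI users with its own address pool, and a narrowed permit in the existing VLAN2 outbound ACL. The pool ranges 192.168.10.0/24 and 192.168.11.0/24, the gateway address 203.0.113.1, the trustpoint, the AAA list names, the card-processing PC at 192.168.2.50 and the RDP port are all assumptions made for illustration; substitute your own values.

```text
! --- two address pools: one for ordinary VPN users, one for the PCI-cleared users (assumed ranges)
ip local pool SSLVPN_POOL     192.168.10.1 192.168.10.100
ip local pool SSLVPN_PCI_POOL 192.168.11.1 192.168.11.20
!
! --- one gateway, two contexts selected by the group/domain name the client enters (assumed names)
webvpn gateway SSLVPN_GW
 ip address 203.0.113.1 port 443
 ssl trustpoint SSLVPN_TP
 inservice
!
webvpn context GENERAL_CTX
 gateway SSLVPN_GW domain general
 aaa authentication list SSLVPN_GENERAL
 policy group GENERAL_POL
  functions svc-enabled
  svc address-pool "SSLVPN_POOL" netmask 255.255.255.0
  svc split include 192.168.1.0 255.255.255.0
 default-group-policy GENERAL_POL
 inservice
!
webvpn context PCI_CTX
 gateway SSLVPN_GW domain pci
 aaa authentication list SSLVPN_PCI
 policy group PCI_POL
  functions svc-enabled
  svc address-pool "SSLVPN_PCI_POOL" netmask 255.255.255.0
  svc split include 192.168.1.0 255.255.255.0
  svc split include 192.168.2.0 255.255.255.0
 default-group-policy PCI_POL
 inservice
!
! --- VLAN2 outbound ACL: keep the reflexive evaluate, then let only the PCI pool initiate,
! --- and only to the one PC on the one port it needs (assumed host and port); log the hits
ip access-list extended VLAN2_REFLEXIVE
 evaluate REFLEXIVE
 permit tcp 192.168.11.0 0.0.0.255 host 192.168.2.50 eq 3389 log
!
! --- keep VLAN2 -> VPN-pool return traffic out of NAT (assumed; harmless if NAT never saw it)
ip access-list extended natlist
 deny   ip 192.168.2.0 0.0.0.255 192.168.11.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.2.0 0.0.0.255 any
```

Two checks worth doing once this is in place: connect as a general user and confirm that `show webvpn session context GENERAL_CTX` shows an address from 192.168.10.x and that 192.168.2.50 is unreachable, then repeat as a PCI user against PCI_CTX and watch the hit counter on `show ip access-lists VLAN2_REFLEXIVE`. The one caveat is authentication: the separation only holds if the SSLVPN_PCI AAA list actually rejects ordinary users (for example a RADIUS server group that only authorizes the PCI group), because with a single shared local user database any local user could pick the pci domain and land in the privileged pool.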