Allow access to only certain ports for remote VPN clients

kaytea
Level 1

Hi, I was wondering if you could tell me how to allow access to only certain ports on a server for a remote VPN group.

1 Reply

r.perera
Level 1

Hi,

The way I do it is with an ACL applied at the outside interface.

Remove the sysopt for IPsec:

no sysopt connection permit-ipsec

This is to allow ESP and ISAKMP traffic through the outside interface:

access-list from-www permit esp any host 203.xx.x.x
access-list from-www permit udp any host 203.xx.x.x eq 4500
access-list from-www permit udp any host 203.xx.x.x eq isakmp
access-list from-www permit tcp any host 203.xx.x.x eq 10000
access-list from-www permit tcp 10.yy.y.0 255.255.255.0 host 10.1.1.50 eq www
access-list from-www permit tcp 10.yy.y.0 255.255.255.0 host 10.1.1.50 eq 8080
access-list from-www permit tcp 10.yy.y.0 255.255.255.0 host 10.1.1.50 eq https
access-group from-www in interface outside

203.xx.x.x is the outside interface address
10.yy.y.0 is the IP pool subnet

Hope this helps,

And the other method might be using a split-tunneling ACL applied to the vpngroup.

Best regards
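An added example, not from the thread: a small Python model of how the outside ACL above is evaluated (first matching entry wins, implicit deny at the end), with constructed addresses standing in for the masked values (203.0.113.1 for the outside interface 203.xx.x.x, 10.20.30.0/24 for the pool 10.yy.y.0). It shows that a pool client is permitted to 10.1.1.50 on 443 but denied on 22, and denied entirely to any other inside host.

```python
import ipaddress

# Named ports the thread's ACL uses, as PIX/ASA resolves them
NAMED_PORTS = {"www": 80, "https": 443, "isakmp": 500}

# Constructed stand-in for the posted config (203.0.113.1 = outside interface,
# 10.20.30.0/24 = VPN pool, 10.1.1.50 = the restricted server)
CONFIG = """
access-list from-www permit esp any host 203.0.113.1
access-list from-www permit udp any host 203.0.113.1 eq 4500
access-list from-www permit udp any host 203.0.113.1 eq isakmp
access-list from-www permit tcp any host 203.0.113.1 eq 10000
access-list from-www permit tcp 10.20.30.0 255.255.255.0 host 10.1.1.50 eq www
access-list from-www permit tcp 10.20.30.0 255.255.255.0 host 10.1.1.50 eq 8080
access-list from-www permit tcp 10.20.30.0 255.255.255.0 host 10.1.1.50 eq https
access-group from-www in interface outside
"""

def _parse_addr(tokens):
    """Consume one address spec: 'any' | 'host A.B.C.D' | 'NET MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    src, rest = _parse_addr(t[4:])
    dst, rest = _parse_addr(rest)
    port = None
    if rest and rest[0] == "eq":
        port = NAMED_PORTS.get(rest[1]) or int(rest[1])
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst, "dport": port}

ACL = [parse_ace(l) for l in CONFIG.splitlines() if l.startswith("access-list")]

def evaluate(acl, proto, src_ip, dst_ip, dport=None):
    """Return True if the flow is permitted; no match means the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in acl:
        if ace["proto"] != proto or s not in ace["src"] or d not in ace["dst"]:
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"] == "permit"
    return False
```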