09-03-2012 01:14 AM
How do I set up an ASA to allow only specific IPs (peer IPs) to connect to the ASA by remote access VPN (IPsec VPN client S/W)?
Due to the remote access VPN, I had set up an assigned IP for the remote access VPN client during dial-in.
I tried to use the IPv4 Filter, but it always failed.
09-03-2012 06:40 AM
As the Crypto is enabled on the 'outside' interface, I don't think there is a way to restrict on the ASA itself by ACL. But if you have a router in front of the ASA, you can use an ACL to restrict the access.
Thx
MS
01-24-2017 02:34 PM
It is doable on ASA.
You need to use crypto dynamic-map and set it to specific peer only, see example below for ikev2:
crypto dynamic-map DYNMAP 65005 set peer 2.2.2.2
crypto dynamic-map DYNMAP 65005 set ikev2 ipsec-proposal IKEv2-IPSEC-PROPOSAL
Igor
09-03-2012 03:19 PM
Hi,
Yes, it is possible, just use the control-plane feature.
Do some research; in case of doubts, please let me know.
Thanx
Portu
09-15-2012 11:44 PM
Hi,
Yes. You can have the ACL created for inbound (outside to inside), where you can mention the specific IPs, and it needs to be applied to the box instead of only on the interface.
access-group outside_in in interface outside control-plane
Try this and check.
Please do rate if the given information helps.
By
Karthik
09-21-2012 06:30 AM
Hi MS,
In case you do not have any further questions, please rate any helpful posts and mark this question as answered.
Thanks.
Portu
09-19-2016 10:43 AM
There is no answer to that question. Only control-plane mention without examples which still doesn't work for me. Please provide working examples on how to allow ONLY certain IPs to access IPsec. Basic cheap firewalls provide that feature out of the box, but not ASA.
06-09-2020 05:32 AM
05-17-2024 11:50 AM
See the following Cisco Support document that shows how to do this with examples. Important: you likely need to follow the directions to use `clear connection address ...` to force the ASA to re-evaluate IKE/isakmp connection attempts from the address denied in your control-plane access-list.
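The control-plane approach discussed in this thread, written out as an added example (it is not from any post above and is not Cisco's own sample). The ACL name `CP-IKE-PEERS` and all addresses are constructed placeholders from documentation ranges; `outside` is the interface named in the thread.

```cisco
! Added example: restrict who may start IKE with the ASA itself.
! Assumptions: ACL name CP-IKE-PEERS and every address are placeholders.

! Allowed remote-access peers: IKE (UDP/500) and NAT-T (UDP/4500)
access-list CP-IKE-PEERS extended permit udp host 198.51.100.10 any eq isakmp
access-list CP-IKE-PEERS extended permit udp host 198.51.100.10 any eq 4500
access-list CP-IKE-PEERS extended permit udp host 203.0.113.25 any eq isakmp
access-list CP-IKE-PEERS extended permit udp host 203.0.113.25 any eq 4500

! Explicitly drop IKE/NAT-T from every other source; state the deny
! rather than relying on default behaviour.
access-list CP-IKE-PEERS extended deny udp any any eq isakmp
access-list CP-IKE-PEERS extended deny udp any any eq 4500

! Leave other to-the-box traffic to its existing controls
access-list CP-IKE-PEERS extended permit ip any any

! The control-plane keyword applies the ACL to traffic addressed to the
! ASA, not to traffic passing through it. The direction keyword is required.
access-group CP-IKE-PEERS in interface outside control-plane

! Drop state already built for a now-denied source so the ACL is
! re-evaluated (192.0.2.77 is a constructed example address)
clear conn address 192.0.2.77

! Verify: hit counts on the deny entries should increase when an
! unlisted source attempts IKE
show access-list CP-IKE-PEERS
```

Keep console or inside management access open while applying this, since a mistake in a control-plane ACL on `outside` affects every service the ASA terminates on that interface.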