Allowing VPN Network access to specific list

terrencepayet
Level 1

Hi guys,

I'm still a newbie with the ASA appliance. I've set up my VPN on the Cisco ASA 5505, which works perfectly; users from outside can access my internal LAN.

Now what I want is to create another VPN tunnel group with another set of IPs, in which I want to allow them access to one server inside our LAN. See the network details below:

VPN Ip pool: 10.10.10.200-210

Server on LAN: 10.10.10.45

Can this be done??

Thanks in advance.

Terence


ajay chauhan
Level 7

OK, so there are actually multiple ways to do this, depending upon the situation.

1) If users are locally authenticated, then you can create an ACL and call it under the group-policy as a VPN filter.

    

    For example:

    access-list 104 extended permit ip <10.10.200.0 255.255.255.0>
    group-policy xxxx internal
    group-policy xxxx attributes
     vpn-filter value 104

2) You can configure the same thing for users if they are authenticated locally.

    username xxxx attributes
     vpn-filter value 104

3) If user auth is configured on ACS, then you can also control access by using a downloadable access list.

Thanks

Ajay
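
Option 1 above, written out for the pool and server given in the question, as an added example that is not part of the original reply. The names RESTRICTED-POOL, RESTRICTED-FILTER, RESTRICTED-GP and RESTRICTED-TG are hypothetical, and tunnel authentication settings are left out because their syntax differs between ASA software versions.

```cisco
! Constructed example; all object names below are hypothetical.

! Address pool handed out to the restricted VPN users (range from the question).
ip local pool RESTRICTED-POOL 10.10.10.200-10.10.10.210 mask 255.255.255.0

! vpn-filter ACL. In a vpn-filter ACL the source is always the remote
! (VPN client) address and the destination is the protected inside host.
! The pool 10.10.10.200-210 is not a single subnet, so it is covered by
! two entries: .200-.207 (/29) and .208-.211 (/30).
access-list RESTRICTED-FILTER extended permit ip 10.10.10.200 255.255.255.248 host 10.10.10.45
access-list RESTRICTED-FILTER extended permit ip 10.10.10.208 255.255.255.252 host 10.10.10.45
! Everything else is dropped by the implicit deny at the end of the ACL.

! Group policy that carries the filter.
group-policy RESTRICTED-GP internal
group-policy RESTRICTED-GP attributes
 vpn-filter value RESTRICTED-FILTER

! Separate tunnel group that ties the pool and the policy together.
tunnel-group RESTRICTED-TG type remote-access
tunnel-group RESTRICTED-TG general-attributes
 address-pool RESTRICTED-POOL
 default-group-policy RESTRICTED-GP

! Check: hit counts should rise only on the two permit lines.
! show access-list RESTRICTED-FILTER
```

The filter is evaluated when a session is established, so users who are already connected need to reconnect before a changed ACL applies to them.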
