Cisco VPN client to allow only Specific Traffic and block all Traffic

zeeshanssuet
Level 1

Hi,

I have an issue with one of my customers. I have created a Cisco VPN client; when a user accesses from the Internet through the VPN, he can access the servers. The problem is that a particular server also has 4 different NIC cards connected. For example, a user gets a VPN IP of 172.17.x.x,

he can connect to any server within the 172.x.x subnet through the VPN, but that server also has 4 different NICs connected, like 192.168.x.x, 10.x.x.x, 172.15.x.x. If a user creates an alias on his PC, he can easily access those IPs and access anything. I want to block this: if a user connects through the VPN, he should only be able to access his 172.17.x.x subnet, not the other LAN cards, only when he is connected to the VPN. For internal users this is not an issue, only for those who are connecting from the outside world.

4 Replies

Daniel Leonard
Level 1

The easiest way is to create "split tunneling". Only these subnets will go through the tunnel.

Sent from Cisco Technical Support iPhone App

Please rate or mark answered for helpful posts.

Yadhu Tony
Level 1

Hello,

Split tunneling is the best option, where you can put an ACL to restrict access to particular servers inside your subnet.

Regards,
Tony

http://yadhutony.blogspot.com

zeeshanssuet
Level 1

OK, you are right, but my concern is that if a user gets a remote session on the server, and that server has multiple NICs and he adds multiple aliases, he can easily access the other networks. Can split tunnel block other IPs and only allow the specific IPs that are in the split tunnel?

Hi,

When you create a split tunneling configuration (for your subnet 172.17.x.x), only that traffic flows through the tunnel.

Like Tony said, put an ACL to your tunnel configuration for traffic restriction.

Please rate or mark answered for helpful posts.
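
The split tunnel plus ACL arrangement suggested in the replies, written out as an added example that is not part of the original thread. It assumes the VPN headend is a Cisco ASA (the thread does not name the platform); the addresses and the object names RA_SPLIT, RA_FILTER and RA_USERS are constructed for illustration.

```cisco
! Constructed addressing (the thread masks the real octets):
!   VPN client pool : 172.17.50.0/24
!   permitted LAN   : 172.17.10.0/24
! Object names below are hypothetical.

! Split-tunnel list: tells the client which destinations to route into the tunnel.
access-list RA_SPLIT standard permit 172.17.10.0 255.255.255.0

! Filter enforced on the ASA for traffic decrypted from the tunnel.
! In a vpn-filter ACL the remote (client) side is the source and the
! inside network is the destination.
access-list RA_FILTER extended permit ip 172.17.50.0 255.255.255.0 172.17.10.0 255.255.255.0
access-list RA_FILTER extended deny ip any any log

group-policy RA_USERS internal
group-policy RA_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT
 vpn-filter value RA_FILTER
```

The split-tunnel list only shapes the client's routing table, while the `vpn-filter` ACL is what the ASA enforces on packets arriving from the VPN client. Traffic that a multi-homed server originates on its other NICs during a remote session does not pass through the ASA and is not covered by this filter.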
