10-23-2007 03:07 AM - edited 02-21-2020 03:20 PM
Hi all,
I have a question: where in the VPN configuration for remote connections is it specified where users can connect?
Could someone help me with how to restrict remote users to connecting only to the requested destinations, ports and so on?
I mean... which ACL does this?
I know that I can configure a split ACL for remote clients, a no-NAT ACL and so on.
In our PIX we have ACL on inside and outside interface.
Any idea, any example, any help?
BR
jl
10-23-2007 07:17 AM
You can remove the command which allows all IPsec traffic to bypass interface ACLs.
no sysopt connection permit-vpn
Then you would simply write the access you want in your outside ACL. Be careful, as this will affect all IPsec traffic. If you have other tunnel groups you do not want to restrict, you would have to specifically allow them in the ACL as well.
Another option is to look into the vpn-filter command.
http://cisco.com/en/US/docs/security/asa/asa80/command/reference/uz.html#wp1493380
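Both approaches from the reply above, written out as an added configuration example (this is not from the thread or from Cisco's documentation). The VPN pool 10.10.10.0/24, the inside hosts 192.168.1.10 and 192.168.1.20, and the names RA-POOL, RA-USERS, RA-TUNNEL, OUTSIDE_IN and RA-VPN-FILTER are placeholders; the two `sysopt` lines are mutually exclusive choices, not meant to be entered together.

```cisco
! Option A: stop decrypted VPN traffic from bypassing the interface ACL.
! After this, the ACL bound to the outside interface also governs
! traffic arriving from remote-access clients, so every tunnel group
! (site-to-site included) needs its own permit entries here.
no sysopt connection permit-vpn
!
! Address pool handed to remote clients (placeholder range).
ip local pool RA-POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
!
! Outside ACL: clients may reach only RDP on one host and SSH on another.
! The explicit deny with "log" makes blocked attempts visible in syslog.
access-list OUTSIDE_IN extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 3389
access-list OUTSIDE_IN extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.20 eq 22
access-list OUTSIDE_IN extended deny ip 10.10.10.0 255.255.255.0 any log
! ... existing OUTSIDE_IN entries for non-VPN and site-to-site traffic ...
access-group OUTSIDE_IN in interface outside
!
! Option B: leave the bypass in place and filter per group policy with
! vpn-filter. The ACL is written with the VPN client as the source and
! the inside resource as the destination; only this group policy is
! affected, so other tunnel groups keep their current access.
sysopt connection permit-vpn
access-list RA-VPN-FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 3389
access-list RA-VPN-FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.20 eq 22
access-list RA-VPN-FILTER extended deny ip any any log
!
group-policy RA-USERS internal
group-policy RA-USERS attributes
 vpn-filter value RA-VPN-FILTER
 address-pools value RA-POOL
!
tunnel-group RA-TUNNEL general-attributes
 default-group-policy RA-USERS
```

`vpn-filter` can also be set under `username <name> attributes` for a single user, which overrides the group policy setting. Whichever option is chosen, `show access-list RA-VPN-FILTER` (or `OUTSIDE_IN`) shows per-entry hit counts, so a quick test connection from a client confirms that the permit entries match and that everything else lands on the logged deny.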
10-25-2007 05:23 AM
Hi Adam,
thanks for an answer. It is very helpful for me.
I didn't find "no sysopt connection permit-vpn" in our config.
So I suppose it is on and our inside ACL doesn't restrict any connection from the outside VPN clients. So I've created the other ACL and applied it to the user profile. It functions well.
Thanks.
jl