I am trying to find a way to allow some users connecting via SSL VPN (AnyConnect) to reach a PC on VLAN 2, but not all VPN users.
The second VLAN is used for a credit card machine and is set up with a reflexive ACL as below:
(Cisco 891)
interface Vlan2
 description Credit Card LAN
 ip address 192.168.2.1 255.255.255.0
 ip access-group VLAN2 in
 ip access-group VLAN2_REFLEXIVE out
 ip nat inside
 ip ips IPS4PCI in
 ip ips IPS4PCI out
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
ip access-list extended VLAN2
 permit ip any any reflect REFLEXIVE timeout 300
ip access-list extended VLAN2_REFLEXIVE
 evaluate REFLEXIVE
ip access-list extended natlist
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.2.0 0.0.0.255 any
I need to keep the two separate for PCI compliance but also need to allow a couple of users access to BOTH VLANs.
Any ideas or suggestions?