How can I limit who can access the Remote Access VPN?

arozar
Level 1

I tried to set up an ACL on the outside interface, but it still seems that the RA VPN is open to all hosts. How can this be limited?

3 Replies

Nikhil Thakur
Cisco Employee

Hi,

If you know the source public IP addresses of the RA VPN clients, you could use a control-plane ACL to restrict access to a few legitimate users.

Normal ACLs are for through-the-box traffic and the control-plane ACL is for to-the-box traffic, so RA VPN connections, being to-the-box traffic, will be filtered through the control plane.

http://blog.ipexpert.com/2011/01/05/asa-control-plane-access-list/

Also, refer to the configuration guide for ASA:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_rules.html

The command should be like this:

access-group RA-VPNClients in interface outside control-plane

*RA-VPNClients is the name of the Access-list permitting specific public clients

Hope the above information is informative.

Regards,

Nick

P.S. Please mark this post as 'Answered' if you find the above information helpful so that it brings goodness to other community users
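
A fuller sketch of the control-plane ACL described in the reply above, as an added example that is not part of the original post or Cisco's own configuration. The object-group name and the client addresses are constructed, and the ports assume IKE/IPsec and/or SSL VPN clients, since the thread does not say which VPN type is in use.

```cisco
! Added example; addresses are constructed (RFC 5737 documentation ranges).
! Assumption: clients use IKE/IPsec (UDP 500, UDP 4500, ESP) and/or
! SSL VPN on TCP/UDP 443. Keep only the lines for the VPN type in use.
object-group network RA-VPN-SOURCES
 network-object host 198.51.100.10
 network-object 203.0.113.0 255.255.255.0
!
! Permit the VPN services only from the known client addresses.
access-list RA-VPNClients extended permit udp object-group RA-VPN-SOURCES any eq isakmp
access-list RA-VPNClients extended permit udp object-group RA-VPN-SOURCES any eq 4500
access-list RA-VPNClients extended permit esp object-group RA-VPN-SOURCES any
access-list RA-VPNClients extended permit tcp object-group RA-VPN-SOURCES any eq https
access-list RA-VPNClients extended permit udp object-group RA-VPN-SOURCES any eq 443
!
! Explicit, logged denies for the same services from every other source,
! scoped to the VPN ports so other to-the-box traffic is left alone.
access-list RA-VPNClients extended deny udp any any eq isakmp log
access-list RA-VPNClients extended deny udp any any eq 4500 log
access-list RA-VPNClients extended deny esp any any log
access-list RA-VPNClients extended deny tcp any any eq https log
access-list RA-VPNClients extended deny udp any any eq 443 log
!
! The control-plane keyword applies the ACL to to-the-box traffic.
access-group RA-VPNClients in interface outside control-plane
!
! Verify from exec mode: hit counts should rise on the permit lines for
! known clients and on the deny lines for everyone else.
show running-config access-group
show access-list RA-VPNClients
```

Site-to-site peers and any HTTPS management that terminate on the same interface use the same ports, so their source addresses need to be in the permit group before the denies are applied.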

Hey,

Please mark this post as 'Answered' if your initial query has been answered.

I would be glad to answer your further queries, if any.

Also, rate the post if helpful.

Thanks!

Regards,

Nick

Hi,

Any luck with this?

Please rate this post and mark this as 'Answered' if it has helped you.

This is for the benefit of the community users who are trying to find a solution to a similar problem.

Regards,

Nick