Remote VPN and ACL

ammadshah
Level 1

I am using a Cisco 1811 and have some users who connect via the Cisco remote VPN client. The problem is that I am unable to restrict them. Even though I have blocked their access to only a single host, they are still able to access other VLANs.

ip access-list extended vpn-client-work
 permit ip 192.168.81.0 0.0.0.255 host 10.0.0.1
 permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 80
 permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 8080
 deny ip 192.168.81.0 0.0.0.255 any
 permit ip any any
!
! ACL applied on FA1.1 (LAN, has IP address 10.0.0.1)
interface FastEthernet1.1
 ip access-group vpn-client-work in
!
! ACL applied on FA0 (public interface)
interface FastEthernet0
 ip access-group vpn-client-work in


andrew.prince
Level 10

Firstly, I think you have applied the ACL in the wrong direction on fa1.1. Try applying it "out".

Secondly, applying the ACL on FA0 will have no impact on the encrypted VPN traffic.

I would try something like:

! <> = your client group name, xxx = ACL name (placeholders as posted)
crypto isakmp client configuration group <>
 acl xxx
!
! Named extended ACL referenced by "acl xxx" above
ip access-list extended xxx
 permit ip 192.168.81.0 0.0.0.255 host 10.0.0.1
 permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 80
 permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 8080
 deny ip 192.168.81.0 0.0.0.255 any
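The following is an added worked configuration for the restriction discussed in this thread; it is not from the original post or the reply above. It keeps the poster's ACL and pool (192.168.81.0/24, hosts 10.0.0.1 and 10.0.0.45) and applies the ACL outbound on the inside subinterfaces, which is where decrypted client packets leave the router. The second VLAN subinterface (FastEthernet1.2), its use as a "blocked" VLAN, and the group name VPN-CLIENTS are assumptions for illustration. The optional split-tunnel ACL at the end is written in the orientation IOS expects for that purpose (inside network as source, client pool as destination); it shapes what the client tunnels and is not a substitute for the outbound filter.

```cisco
! Filter ACL: what the VPN pool 192.168.81.0/24 may reach on the inside.
! "log" on the deny gives visibility into blocked attempts; the final
! "permit ip any any" leaves all non-VPN traffic on these VLANs untouched.
ip access-list extended vpn-client-work
 permit ip 192.168.81.0 0.0.0.255 host 10.0.0.1
 permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 80
 permit tcp 192.168.81.0 0.0.0.255 host 10.0.0.45 eq 8080
 deny ip 192.168.81.0 0.0.0.255 any log
 permit ip any any
!
! Inbound on FA1.1 only sees packets sourced by 10.0.0.x hosts, so the
! 192.168.81.x entries never match there. Decrypted client packets leave
! the router OUTBOUND through each VLAN subinterface, so apply it "out"
! on every VLAN the clients must not reach in full.
interface FastEthernet1.1
 ip access-group vpn-client-work out
!
! Assumed second VLAN subinterface (name and subnet are not from the thread).
interface FastEthernet1.2
 ip access-group vpn-client-work out
!
! The copy on the public interface is not needed for this restriction: its
! trailing "permit ip any any" lets ISAKMP (UDP 500/4500) and ESP through
! either way, so removing it changes nothing for the VPN itself.
interface FastEthernet0
 no ip access-group vpn-client-work in
!
! Optional split-tunnel ACL (assumed group name VPN-CLIENTS). IOS writes this
! ACL from the router's side: source = inside destinations to tunnel,
! destination = the client pool. It limits what the client sends through the
! tunnel; the outbound filter above is still what enforces the policy.
ip access-list extended vpn-split-tunnel
 permit ip host 10.0.0.1 192.168.81.0 0.0.0.255
 permit ip host 10.0.0.45 192.168.81.0 0.0.0.255
!
crypto isakmp client configuration group VPN-CLIENTS
 acl vpn-split-tunnel
```

After applying it, connect a client and watch the hit counters with `show ip access-lists vpn-client-work`: the permit lines should increment for the allowed hosts and the deny line for attempts at other VLANs. If the deny counter stays at zero while clients still reach other VLANs, check that every VLAN subinterface carries the ACL outbound and that the client pool really is 192.168.81.0/24 (`show crypto session` shows the assigned addresses).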