Restrict vendor access via VPN

curtist
Level 1

Hello, I have a need for a third-party vendor to access the web UI of a server within my network. I would like to limit their access to only this device so they can't attempt to access anything else on my network.

I am running Cisco ASDM 7.9, and connecting to Firepower 5525s running 9.14.4.

I have been able to create a second VPN profile for the vendor using an account authenticated against the firewall and tested access; they are able to hit the IP they need, but can also access everything else on my network.

I am looking for assistance setting up an ACL to limit traffic to one IP address.

Thanks in advance.

2 Replies

@curtist you could apply a VPN Filter to this third-party vendor, to restrict their access.

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html


Marvin Rhoads
Hall of Fame

As @Rob Ingram suggested, vpn-filter is one way. Another method is for your second profile to use tunnel-specified (vs. tunnel-all) and include only the server address in the ACL that's used.
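Both suggestions in ASA CLI form, as an added example that is not part of either reply. The object names, the server address 10.20.30.40, the group policy GP_VENDOR and the local account vendor-acct are assumptions; substitute the real values from the vendor's profile.

```cisco
! Added example, not from the thread. Names and addresses are assumptions:
! 10.20.30.40 = the server the vendor needs, GP_VENDOR = the vendor's group
! policy, vendor-acct = the account authenticated locally on the firewall.

! --- Option 1: vpn-filter (enforced on the ASA after decryption) ---
! vpn-filter ACLs are written with the VPN client as the source and the
! inside resource as the destination; the ASA evaluates the same ACL for
! the return traffic, so one line covers the HTTPS session both ways.
access-list VENDOR_FILTER extended permit tcp any host 10.20.30.40 eq 443
access-list VENDOR_FILTER extended deny ip any any log
!
group-policy GP_VENDOR internal
group-policy GP_VENDOR attributes
 vpn-filter value VENDOR_FILTER
!
! --- Option 2: tunnel-specified split tunnel ---
! Only the listed host is routed into the tunnel by the client; everything
! else leaves the vendor's machine directly and never reaches your network.
access-list VENDOR_SPLIT standard permit host 10.20.30.40
!
group-policy GP_VENDOR attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VENDOR_SPLIT
!
! Bind the vendor's local account to the restricted group policy so the
! restrictions follow the user rather than the connection profile.
username vendor-acct attributes
 vpn-group-policy GP_VENDOR
```

The two options differ in where enforcement happens: the vpn-filter is applied by the firewall to the decrypted traffic, so it holds no matter what routes the client machine ends up with, while tunnel-specified only tells the client which destinations to send into the tunnel. Applying both on the same group policy is fine; the filter is the one that actually blocks, the split tunnel just keeps the vendor's other traffic off your VPN. After the vendor reconnects, `show vpn-sessiondb detail anyconnect filter name vendor-acct` shows the filter and group policy assigned to the session, and `show access-list VENDOR_FILTER` shows hit counts on the permit and deny lines.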