11-03-2022 06:39 AM
Hello, I have a need for a third-party vendor to access the web UI of a server within my network. I would like to limit their access to only this device so they can't attempt to access anything else on my network.
I am running Cisco ASDM 7.9 and connecting to Firepower 5525s running 9.14.4.
I have been able to create a second VPN profile for the vendor using an account authenticated against the firewall, and I have tested access: they are able to hit the IP they need, but they can also access everything else on my network.
I am looking for assistance setting up ACL traffic to limit to one IP address.
Thanks in advance.
11-03-2022 06:41 AM
@curtist you could apply a VPN Filter to this third party vendor, to restrict their access.
11-04-2022 06:30 AM
As @Rob Ingram suggested, vpn-filter is one way. Another method is for your second profile to only tunnel-specified (vs. tunnel-all) and only include the server address in the ACL that's used.
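Both suggestions above in ASA CLI form, as an added example rather than configuration from either reply. All addresses, pool and object names are constructed placeholders; the vpn-filter ACL follows the ASA convention of writing the client's assigned address as the source and the inside host as the destination.

```cisco
! Constructed example values (replace with your own):
!   vendor VPN pool : 10.200.0.0/24
!   server web UI   : 10.10.10.50, HTTPS (tcp/443)

! --- Option 1: vpn-filter, enforced on the ASA ---
! Source = address from the vendor pool, destination = the one inside host.
! Return traffic is matched statefully; anything not permitted hits the implicit deny,
! so add ACEs only for what the vendor really needs (e.g. DNS or ICMP, if required).
access-list VENDOR-VPN-FILTER extended permit tcp 10.200.0.0 255.255.255.0 host 10.10.10.50 eq 443

! --- Option 2: tunnel only the server's address (tunnelspecified split tunnel) ---
! Standard ACL listing the networks the client should send into the tunnel.
access-list VENDOR-SPLIT standard permit host 10.10.10.50

ip local pool VENDOR-POOL 10.200.0.10-10.200.0.20 mask 255.255.255.0

group-policy GP-VENDOR internal
group-policy GP-VENDOR attributes
 vpn-filter value VENDOR-VPN-FILTER
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VENDOR-SPLIT
 address-pools value VENDOR-POOL

! Bind the policy to the vendor's tunnel-group so it cannot inherit the default policy
tunnel-group VENDOR-RA type remote-access
tunnel-group VENDOR-RA general-attributes
 address-pool VENDOR-POOL
 default-group-policy GP-VENDOR

! Verify after the vendor connects:
! show vpn-sessiondb detail anyconnect filter name <vendor-user>   (check "Filter Name")
! show access-list VENDOR-VPN-FILTER                               (hit counts should increase)
```

Split tunneling only changes what the client routes into the tunnel, so treat it as a convenience for the vendor; the vpn-filter is the control that is actually enforced on the ASA, and it is worth keeping even when the two are combined.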