
Restricting VPN 3000 user to specific servers

siddhartha.jain
Level 1

Hi,

I have configured a Cisco VPN 3000 concentrator behind a PIX Firewall for remote users. I need to restrict users who land on the concentrator to specific servers on my LAN. The Concentrator and the servers are in the same LAN behind the firewall. So basically, can I put some access control on the concentrator to restrict access of users to specific IP addresses/ports within the network?

Regards,

Siddhartha

1 Reply

mark-neil
Level 1

Siddhartha,

Assuming your remote users are using the Cisco VPN Client, you could potentially build a split-tunnel VPN group and build a split tunneling network list, which can be 32-bit specific. In this manner, the only traffic that will transit your VPN tunnel will be traffic intended for your site. This procedure will provide you the access control you want to exercise, and will be based upon the specific IP addresses within your network. Be careful to not overwrite their existing DNS/WINS configurations, so as to allow them normal operations on their LAN. These steps are configurable on the 3000 concentrator under Configuration / User Management / Groups and then the General and IPSEC tabs.
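
The split-tunnel decision described in the reply above, as an added example that is not part of the original thread or Cisco's code: it parses a network list and reports which destinations a client would send through the tunnel. The `address/wildcard-mask` entry format, the sample addresses, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample network list, one "address/wildcard-mask" entry per line
# (entry format assumed). A wildcard of 0.0.0.0 matches exactly one host,
# which is the "32-bit specific" case mentioned in the reply.
SAMPLE_NETWORK_LIST = """
10.1.1.10/0.0.0.0
10.1.1.25/0.0.0.0
10.1.2.0/0.0.0.255
"""


def parse_network_list(text):
    """Convert address/wildcard lines into ipaddress network objects."""
    networks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, wildcard = line.partition("/")
        wc = int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))
        # A usable wildcard is a run of low-order 1 bits (2**k - 1).
        if wc & (wc + 1):
            raise ValueError(f"non-contiguous wildcard mask: {line}")
        prefix_len = 32 - wc.bit_length()
        # strict=True rejects entries whose address has host bits set,
        # e.g. 10.1.2.7/0.0.0.255, which usually indicates a typo.
        networks.append(ipaddress.ip_network(f"{address}/{prefix_len}", strict=True))
    return networks


def route_for(destination, networks):
    """Return 'tunnel' if the destination matches the list, else 'local'."""
    dest = ipaddress.ip_address(destination)
    return "tunnel" if any(dest in net for net in networks) else "local"


if __name__ == "__main__":
    nets = parse_network_list(SAMPLE_NETWORK_LIST)
    for ip in ("10.1.1.10", "10.1.1.11", "10.1.2.200", "192.168.1.1"):
        print(f"{ip:15} -> {route_for(ip, nets)}")
```

Running a draft list through a check like this before entering it on the concentrator shows whether a host entry is too broad or a neighbouring address is unintentionally included.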