Segment VPN users

Alex Pfeil
Level 7

I have a requirement to segment all of the VPN traffic so that once a user logs in, they cannot see (ping, scan, etc.) any other users on the VPN network. I was wondering if this is possible.

Thanks,

Alex

4 Replies

That can be achieved both on the ASA and on IOS-routers. The easiest would be to use ACLs inside the tunnel that restrict the traffic that may be sent from the VPN-client.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Can you provide an example of the configuration? I might have found a bug in the ASA code because the ACL that I am using is not working.

Thanks,

Alex

Most likely it's not a bug but a misconfigured ACL (if you are talking about the vpn-filter).

In the VPN-filter the syntax is:

ACTION PROTOCOL REMOTE LOCAL

and not

ACTION PROTOCOL SOURCE DESTINATION

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Alex,

What Karsten suggests is a VPN filter. This feature filters the inbound traffic coming over a VPN tunnel, so in your ACL the source is the REMOTE network and the destination is the LOCAL network.

Please check this out:

PIX/ASA 7.x and Later: VPN Filter (Permit Specific Port or Protocol) Configuration Example for L2L and Remote Access

HTH.

Portu.

Please rate any helpful posts
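The following ASA configuration is an added example illustrating the REMOTE/LOCAL ordering that Karsten and Portu describe; it is not taken from the thread or from Cisco's linked document. The pool, the inside network and all object names (RA-POOL, RA-VPN-FILTER, RA-GROUP-POLICY) are constructed placeholders. The intent matches the original question: clients may reach the internal LAN but may not reach each other.

```cisco
! Added example, not from the thread. Addresses and names are placeholders.
! In a vpn-filter ACL each entry reads ACTION PROTOCOL REMOTE LOCAL:
! the first address is the VPN client side, the second is the network behind the ASA.

! Address pool handed to remote-access clients (constructed value)
ip local pool RA-POOL 192.168.100.1-192.168.100.254 mask 255.255.255.0

! Block client-to-client traffic: REMOTE = pool, LOCAL = pool
access-list RA-VPN-FILTER extended deny ip 192.168.100.0 255.255.255.0 192.168.100.0 255.255.255.0
! Allow clients to the internal LAN: REMOTE = pool, LOCAL = inside network (constructed value)
access-list RA-VPN-FILTER extended permit ip 192.168.100.0 255.255.255.0 10.10.0.0 255.255.0.0
! Anything not permitted above is dropped by the implicit deny at the end of the ACL

! Attach the filter to the group policy used by the remote-access tunnel group
group-policy RA-GROUP-POLICY internal
group-policy RA-GROUP-POLICY attributes
 vpn-filter value RA-VPN-FILTER

! Check: the deny entry's hit count should increase when one client pings another
show access-list RA-VPN-FILTER
```

Two points to keep in mind when checking the result. The filter is applied to traffic arriving from the client and the ASA builds the reverse for the return direction, so a single entry per flow is enough; adding a second "mirrored" entry with the pool as the second address is the usual way a filter ends up "not working". The hit counts in show access-list are the quickest way to confirm whether a client's ping is matching the deny entry or falling through to the implicit deny.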