Stateful Access from LAN to all IPSEC VPN Clients ASA5520

rvopel
Level 1

ASA5520 Cisco IPSEC VPN Client using DAP

Hello

I want to have access to all connected VPN Clients from the inside LAN. The access should only be available if it is initiated from the inside LAN.

Example Application: mstsc

The VPN Client should only be able to access restricted hosts on the inside LAN. This is done by ACL within the DAP.

At the moment I have to open all destination hosts/ports in the DAP ACL of the VPN Client which I want to make reachable from the inside LAN.

I think there must be a way to define:

All VPN Clients can be reached from the inside LAN.

All VPN Clients can only reach defined hosts at the inside LAN.

Does anyone have an idea how I can configure this?

Thanks

3 Replies

andrew.prince
Level 10

There are a couple of ways I can think of to achieve this:

For VPN client access to inside hosts-

1) Write an ACL that is applied on the inside interface outbound restricting access

2) Write an ACL and apply it to the VPN Client Firewall

For Inside access to VPN Client-

1) Write an ACL that is applied on the inside interface inbound restricting access

HTH
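A constructed ASA configuration for the two directions described in this answer (added example, not from the thread or from Cisco): the only name taken from the page is the ACL inside_access_in that the original poster mentions; the addresses and the DAP_VPN_CLIENT ACL name are assumptions.

```cisco
! Constructed example (not from the thread). Assumed addressing:
!   inside LAN       10.10.0.0/24
!   VPN client pool  10.20.0.0/24
!   RDP-only server  10.10.0.50
! inside_access_in is the ACL name the original poster mentions;
! DAP_VPN_CLIENT and all addresses are assumptions.

!! Inside LAN -> VPN clients (sessions initiated from inside only)
! Applied inbound on the inside interface. The ASA is stateful, so the
! client's replies to an inside-initiated RDP (mstsc) session come back
! without any client-to-inside permit.
access-list inside_access_in extended permit tcp 10.10.0.0 255.255.255.0 10.20.0.0 255.255.255.0 eq 3389
! Keep the rest of the inside traffic working: an applied ACL ends in an implicit deny.
access-list inside_access_in extended permit ip 10.10.0.0 255.255.255.0 any
access-group inside_access_in in interface inside

!! VPN clients -> inside LAN (only the defined hosts)
! Selected as the Network ACL of the DAP record; it is enforced like a vpn-filter.
! Caveat: a vpn-filter/DAP ACL is matched with the VPN client as the source in
! both directions. If an inside-initiated session also has to pass this ACL,
! the entry is written with the port on the source side, e.g.
! permit tcp 10.20.0.0 255.255.255.0 eq 3389 10.10.0.0 255.255.255.0
access-list DAP_VPN_CLIENT extended permit tcp 10.20.0.0 255.255.255.0 host 10.10.0.50 eq 3389
access-list DAP_VPN_CLIENT extended permit icmp 10.20.0.0 255.255.255.0 host 10.10.0.50
access-list DAP_VPN_CLIENT extended deny ip any any
```

The DAP record itself (the policy that selects DAP_VPN_CLIENT as its network ACL) is created in ASDM, as the original poster already does.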

We extended the ACL inside_access_in and it works perfectly.

Thanks

Good to hear

Glad to help.