Solved: VPN CLeint Access for specified IP Addresses

Patrick Werner · ‎12-18-2012

Hello Community.

I like to restrict VPN access to our ASA only from a specified IP Adresss. The problem is the customer can install the VPN client on every machine, but i want to restrict that to one machine (one IP Address).

Any ideas. Cheers Patrick

Muhammed Safwan · ‎12-18-2012

If you are using ACS for vpn user authentication, then you can do this with calling-station-id. You have to add the remote ip address on calling-station-id attributes of ACS.

With Regards,

Safwan

Don't forget to rate helpful posts

View solution in original post

Muhammed Safwan · ‎12-19-2012

Another solution is to have a router before the ASA and apply the ACL on wan interface of the router.

ISP-->Router--->ASA--->LAN

With Regards,

Safwan

Don't forget to rate helpful posts

View solution in original post

Muhammed Safwan · ‎12-18-2012

If you are using ACS for vpn user authentication, then you can do this with calling-station-id. You have to add the remote ip address on calling-station-id attributes of ACS.

With Regards,

Safwan

Don't forget to rate helpful posts

Patrick Werner · ‎12-19-2012

Thanks for the answer. Isn't there a cheaper solution, the price for ACS is around $7000.

Muhammed Safwan · ‎12-19-2012

Another solution is to have a router before the ASA and apply the ACL on wan interface of the router.

ISP-->Router--->ASA--->LAN

With Regards,

Safwan

Don't forget to rate helpful posts