VPN group policy restricting and allowing access to vlans

Todd Willoughby
Level 1

I have an ASA5520 configured with two group policies: one for Tech Services and another for General Users. We are using hairpinning on our WAN interface, and I want to only allow the Users group access to VLAN 30 internally and WAN access when they are connected to SSL VPN. I have set up the IPv4 filter in the group policy, and restricting access to all other VLANs is working (they are only able to hit IP addresses in VLAN 30), but they have no internet connection. I have tried adding an ACE to the ACL like I did to permit traffic only to VLAN 30, but added another ACE for the WAN interface and it's not working. How else would I restrict access to an internal VLAN and give web access through the VPN group policy?

2 Replies

abcdrohan
Level 1

Assuming the IP pool is 192.168.10.0/24 and you are doing tunnelall instead of split-tunnel, you can do:

! let traffic enter and leave the same (outside) interface
same-security-traffic permit intra-interface
! PAT the VPN pool behind the outside interface address (pre-8.3 NAT syntax)
nat (outside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface

Todd Willoughby
Level 1

This was resolved by adding an extended ACL, permitting the network of the allowed VLAN, denying access to the rest, and finally an any-to-any IP ACE for WAN access.

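Putting the two replies together, here is an added example configuration (not from the thread) that implements the vpn-filter described in the final reply together with the hairpin NAT from the first one. It assumes a VPN pool of 192.168.10.0/24, VLAN 30 being 10.30.0.0/24, the other internal VLANs falling inside the RFC 1918 ranges, a group policy named GP_GENERAL_USERS, and the pre-8.3 NAT syntax used in the thread; the ACL is written in the ASA vpn-filter convention, with the client (pool) address in the source position.

```cisco
! Added example, not from the thread. Assumed values: VPN pool 192.168.10.0/24,
! VLAN 30 = 10.30.0.0/24, remaining internal VLANs inside the RFC 1918 ranges,
! group policy GP_GENERAL_USERS, pre-8.3 NAT syntax.
!
! vpn-filter ACLs are evaluated in both directions; write the ACEs with the
! client (pool) address as source and the inside network as destination.
access-list VPNFILTER_USERS remark 1. Allowed internal destination: VLAN 30 only
access-list VPNFILTER_USERS extended permit ip 192.168.10.0 255.255.255.0 10.30.0.0 255.255.255.0
!
! If the DNS servers handed to the clients live on another VLAN, permit them
! here, above the deny lines, or name resolution fails and "no internet" persists.
!
access-list VPNFILTER_USERS remark 2. Deny every other internal network
access-list VPNFILTER_USERS extended deny ip 192.168.10.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list VPNFILTER_USERS extended deny ip 192.168.10.0 255.255.255.0 172.16.0.0 255.240.0.0
access-list VPNFILTER_USERS extended deny ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.0.0
!
access-list VPNFILTER_USERS remark 3. Whatever is left is the Internet (hairpinned out the WAN)
access-list VPNFILTER_USERS extended permit ip 192.168.10.0 255.255.255.0 any
!
! Apply the filter to the General Users policy. With tunnelall, Internet traffic
! arrives inside the tunnel and has to leave the ASA through the outside interface.
group-policy GP_GENERAL_USERS attributes
 vpn-filter value VPNFILTER_USERS
 split-tunnel-policy tunnelall
!
! Hairpin: allow traffic to enter and leave the same interface, and PAT the pool
! behind the outside address so return traffic comes back to the ASA.
same-security-traffic permit intra-interface
nat (outside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface
!
! Verification while a user is connected:
!   show access-list VPNFILTER_USERS   (hit counts move on the deny and permit lines)
!   show vpn-sessiondb detail          (shows the filter name the session received)
```

ACE order is what makes this work: the VLAN 30 permit must sit above the RFC 1918 denies, and the final permit must come last, because the vpn-filter ends with an implicit deny.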