
VPN Protected Traffic

lincolnp1
Level 1

Hi, we have built an L2TP VPN via the PDM wizard which works great, but we have a question about security.

The 'bypass access-lists for L2TP traffic' option was selected, which allows one to have access to all internal hosts. This is something we want changed, i.e. to allow the VPN client access to only the internal server.

We've tried un-flagging the L2TP access-list bypass and configuring ACEs, but were not successful. Can someone please provide me with a workaround?

Regards

Lincoln

2 Replies

shannong
Level 4

That is the appropriate workaround. There must be ACEs on the outside interface to allow the traffic in. The ACEs must reference the IP addresses handed out to clients as the source. The destination depends on the configuration.

If you have nat 0 configured to prevent translation for traffic going from the internal server to the VPN pool addresses, then the ACEs should reference the private IP of the server as the destination. This is recommended.

You could also set up a static statement for the server to be available on the outside interface by its inside address, but this would make it available to all hosts on the outside interface and not just the VPN clients.

To test your configuration, make sure that logging is set to debugging for the buffer and show the log while trying to ping the server in question. It will tell you exactly what is wrong.
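The configuration the reply describes, written out as an added example (it is not from the thread and not Lincoln's or shannong's config). It assumes PIX 6.3 syntax, an inside network of 192.168.1.0/24, a server at 192.168.1.10 and an L2TP client pool of 192.168.200.1-192.168.200.50; all of these addresses and the ACL names are constructed for the example. The PDM "bypass access-lists for L2TP traffic" checkbox is assumed to map to the `sysopt connection permit-l2tp` command.

```cisco
! Added example, PIX 6.3 syntax assumed. Addresses and names are constructed.
! Pool handed to L2TP clients; these are the SOURCE addresses the outside ACL must match.
ip local pool l2tppool 192.168.200.1-192.168.200.50

! Recommended path from the reply: nat 0 so server <-> VPN pool traffic is not translated.
! Because the server keeps its private address, the outside ACL references it directly.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
nat (inside) 0 access-list nonat

! Outside ACL: only the VPN pool, and only to the one server. The explicit deny with
! "log" is redundant with the implicit deny but makes blocked attempts visible in the buffer.
access-list outside_in permit ip 192.168.200.0 255.255.255.0 host 192.168.1.10
access-list outside_in deny ip 192.168.200.0 255.255.255.0 192.168.1.0 255.255.255.0 log
access-group outside_in in interface outside

! Turn off the bypass, otherwise L2TP traffic never reaches the outside ACL at all.
no sysopt connection permit-l2tp

! The alternative the reply mentions (not recommended): expose the server on the outside
! interface under its inside address. This makes it reachable from ANY outside host that
! the outside ACL permits, not only VPN clients, so it is shown here commented out.
! static (inside,outside) 192.168.1.10 192.168.1.10 netmask 255.255.255.255

! Troubleshooting as suggested: buffer at debugging level, then "show logging" while
! a client pings the server to see the exact deny message and which ACE dropped it.
logging on
logging buffered debugging
```

After applying this, test from a connected client with a ping to 192.168.1.10 and then to another inside host; the first should succeed and the second should appear as a deny from the `outside_in` ACL in `show logging`. Once the ACL is confirmed working, consider dropping the `logging buffered debugging` level back to something less chatty, since debugging-level buffered logging on a PIX fills the buffer quickly under real traffic.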

Hi, thanks Shannon. I will definitely give this a try and will let you know the results. Due to month-end stats I will only be able to try this early next week.

Regards

Lincoln