[VPN] Restricting VPN 3000 user to specific servers

shannong shannong at texas.net
Sun Oct 20 12:27:51 EDT 2002


-----Original Message-----
From: shannong [mailto:shannong at texas.net] 
Sent: Saturday, October 19, 2002 12:20 PM
To: 'Siddhartha Jain'
Subject: RE: [VPN] Restricting VPN 3000 user to specific servers


You can create Filters on the concentrator by applying Rules to them.
Rules are basically like access list entries. You apply the Rules to
Filters. Then you apply the Filters to the Group in question. You'll
probably have to create your own custom Rules to accomplish your access
desired.  The built in rules are for things like HTTP, ESP, etc.
Remember that the Filters are written from the concentrator's point of
view with respect to direction.

Filters/Rules are defined at:  Configuration-->Policy
Management-->Traffic Management  

They are applied to Groups at:  Configuration-->User Management-->Groups
on the General tab.

Additionaly, you can/should define split tunneling so that only desired
networks are included in the tunnel traffic.

-S

-----Original Message-----
From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com] On
Behalf Of Siddhartha Jain
Sent: Thursday, October 17, 2002 7:37 AM
To: vpn at lists.shmoo.com
Subject: [VPN] Restricting VPN 3000 user to specific servers


Hi,

I have configured a Cisco VPN 3000 concentrator behind
a PIX Firewall for remote users. I need to restrict
users who land on the concentrator to specific servers
on my LAN. The Concentrator and the servers are in the
same LAN behind the firewall. So basically, can I put
some access control on the concentrator to restrict
access of users to specific IP addresses/ports within
the network?

Regards,

Siddhartha


__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts http://uk.my.yahoo.com
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn




More information about the VPN mailing list