[c-nsp] Restricting vpn client access on 506e

Serguei Bezverkhi sbezverkhi at hotmail.com
Tue May 31 12:04:02 EDT 2005


Hi,

You need to disable explicit permit of IPSec traffic by using:

No sysopt connection permit-ipsec

Then you need to add permit for IPSec traffic which you want to allow to
your outside access list.

HTH 

Serguei

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jason Beltrame
Sent: Tuesday, May 31, 2005 11:55 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Restricting vpn client access on 506e

What is the best way to restrict traffic for clients who are VPN'ing
to the server using the cisco vpn client.  I want to be able to
restrict them to tcp 3389 only.  I try to add that to the spit tunnel
acl, but no luck.  Any ideas would be great :)

Thanks,

Jason

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list