[c-nsp] VPN Concentrator 3005 - block connection from internalclients

Thu Mar 2 08:04:13 EST 2006

No, we have only one Internet connection.  All remote sites use that
gateway.

So are you saying block the connections in the Concentrator (how?), or in my
firewall.  I would prefer to block in the Concentrator if it is possible.

Bob Fronk

bobfronk at gmail.com

  _____  

From: Joseph Jackson [mailto:JJackson at aninetworks.com] 
Sent: Wednesday, March 01, 2006 9:50 PM
To: Bob Fronk; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] VPN Concentrator 3005 - block connection from
internalclients

Do the remote sites go out of a differenet internet connection?  If so block
those addresses.  If not then block your internal addresses from connecting
to that ip.

 -----Original Message-----
From:   Bob Fronk [mailto:bobfronk at gmail.com]
Sent:   Wed Mar 01 11:05:59 2006
To:     cisco-nsp at puck.nether.net
Subject:        [c-nsp] VPN Concentrator 3005 - block connection from
internalclients

*Sorry if you get this multiple times. For some reason I keep getting
rejected*

We have a Cisco VPN 3005 Concentrator.

Traveling Windows clients use Cisco VPN Software (pointed to a public
Internet IP) to connect from outside sources.

However, when they come to the office, the Concentrator accepts the
connection because the IP is public.  This causes several problems because
they are both connected on LAN and VPN.

This does not happen on the internal local subnet that the Concentrator is
on, however, if the client connects to the LAN at one of our remote sites
(connected via MPLS), the Concentrator accepts the connection.

I am not very versed on the VPN Concentrator.  How can I tell it not to
accept connections from clients originating from our LAN?

Bob Fronk

bobfronk at gmail.com

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/