Question on Remote Access VPN Access Control on IOS

Hi, I'm configuring remote access VPN using Cisco VPN Client to an IOS router. Things are working fine, i.e. using dynamic crypto map, XAUTH, and group policy to push DNS, DHCP IP address, etc. to the client. One thing I haven't been able to do is to apply an ACL to filter the VPN traffic - this is to restrict VPN clients' access to only certain ports on our internal server. I know that in the ASA/PIX, a filter list can be applied to the group policy, but I just can't find similar functionality in the IOS group policy.

Any help appreciated! TIA.

Reply to
Uto cen

Uto cen wrote:

IOS 12.3(8)T introduced Crypto Clear Text ACLs.

crypto map sample_cmap 100 ipsec-isakmp
 set ip access-group 110 in
 set ip access-group 111 out

So access-list 110 will filter (or permit!) traffic independent of the inbound ACL on the interface with the crypto map. Access-list 111 is able to restrict the traffic from the router into the IPsec tunnel.

Reply to
Uli Link
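
An added example, not part of Uli Link's reply: one way ACLs 110 and 111 could be written to limit VPN clients to specific ports on one internal server. The client pool 10.10.10.0/24, the server 192.168.1.10, the DNS server 192.168.1.53 and the chosen ports are constructed values for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VPN client pool  10.10.10.0/24
!   internal server  192.168.1.10  (HTTPS and SSH only)
!   internal DNS     192.168.1.53  (pushed to clients by group policy)
!
! ACL 110: checked on traffic arriving from the tunnel, in clear text.
! Source is the client pool, destination is the inside network.
access-list 110 remark VPN clients to inside: permitted services only
access-list 110 permit tcp 10.10.10.0 0.0.0.255 host 192.168.1.10 eq 443
access-list 110 permit tcp 10.10.10.0 0.0.0.255 host 192.168.1.10 eq 22
access-list 110 permit udp 10.10.10.0 0.0.0.255 host 192.168.1.53 eq domain
access-list 110 deny   ip any any log
!
! ACL 111: checked on clear-text traffic about to enter the tunnel.
! Only return traffic from the permitted services goes back to clients.
access-list 111 remark inside to VPN clients: replies only
access-list 111 permit tcp host 192.168.1.10 eq 443 10.10.10.0 0.0.0.255 established
access-list 111 permit tcp host 192.168.1.10 eq 22 10.10.10.0 0.0.0.255 established
access-list 111 permit udp host 192.168.1.53 eq domain 10.10.10.0 0.0.0.255
access-list 111 deny   ip any any log
!
! Attach both lists to the crypto map entry, as in the reply above.
crypto map sample_cmap 100 ipsec-isakmp
 set ip access-group 110 in
 set ip access-group 111 out
```

The `log` keyword on the final deny lines makes dropped packets visible in syslog, and `show access-lists 110` shows per-entry hit counts for confirming that the filter is matching tunnel traffic.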

Thanks! Exactly what I needed to know. And that should work for dynamic maps as well?

Reply to
Uto cen
