scottbortis
Cisco ASA 5510 VPN Tunnel
I have a Cisco ASA 5510 running ASA firmware 8.x. It is my firewall/perimeter device for the network. Inside the firewall on the internal LAN, I have a terminal server box.
I want to allow users with the Cisco VPN client to connect via VPN and ONLY be allowed to connect to the specific IP address (a specific port on that IP would be even better) of the terminal server to log in using RDP.
I have a 250 VPN user license and 2 WebVPN licenses. The terminal server is a Windows 2008 Standard server. I have no funds to buy any additional equipment, licenses or software. I am not able to set up a DMZ or change the IP address of the terminal server.
All suggestions are appreciated. Thanks in advance.
ASKER
It seems like it is a problem with the tunnelling group ACL filter.
I cannot seem to get the filter to only allow traffic from my VPN subnet to just this specific IP.
VPN subnet = 10.3.0.0/24
IP trying to connect is 10.0.0.60
The wizard didn't work.
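An added example, not from this thread or its accepted solution: an ASA 8.x vpn-filter configuration that restricts Cisco VPN client users to RDP on the terminal server, using the addresses from the question (pool 10.3.0.0/24, server 10.0.0.60). The ACL, pool, group-policy and tunnel-group names are assumed, and the syntax is the pre-8.4 form matching the "8(x)" firmware described.

```cisco
! Added example (not from the thread). Assumed names: RDP-ONLY-FILTER, RA-POOL,
! RA-RDP-ONLY, RA-RDP. Addresses are the ones given in the question.
!
! The usual reason a vpn-filter "does not work": the ACE is written from the
! INSIDE host's point of view. Source = the LAN resource (with its port),
! destination = the VPN client pool. The ASA applies the filter in both
! directions, so client-to-server RDP is matched by this single line.
access-list RDP-ONLY-FILTER extended permit tcp host 10.0.0.60 eq 3389 10.3.0.0 255.255.255.0
! No further lines are needed: a vpn-filter ends with an implicit deny, so
! ICMP, SMB and anything else from the pool to the rest of the LAN is dropped.

ip local pool RA-POOL 10.3.0.1-10.3.0.254 mask 255.255.255.0

group-policy RA-RDP-ONLY internal
group-policy RA-RDP-ONLY attributes
 vpn-filter value RDP-ONLY-FILTER
 vpn-tunnel-protocol IPSec

tunnel-group RA-RDP type remote-access
tunnel-group RA-RDP general-attributes
 address-pool RA-POOL
 default-group-policy RA-RDP-ONLY
```

To confirm the filter is actually attached to a session, use `show vpn-sessiondb detail remote` (the Filter Name field should read RDP-ONLY-FILTER) and `show access-list RDP-ONLY-FILTER` to watch the hit count climb; a session with no filter name means the user landed in a different group-policy.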
ASKER CERTIFIED SOLUTION
ASKER
Yeah, it seems that I was having issues with the VPN Filter. I took portions of the document that you linked yurisk and was able to complete my configuration. Thank you both for your help.
ASKER
Thanks for your help
When your clients VPN in, they should only be able to connect to that server.
If you do not want to use VPN, then create an access rule to allow connections to that terminal server.
Is this terminal server for administration only? If not, then you will need terminal server licenses as well.