denver218

Cisco VPN Concentrator 3060, and user access after connected to VPN

I have a Cisco VPN Concentrator 3060 that my users use for remote access. When users connect through the Cisco VPN client, they get an IP address in the 10.6.0.0/16 network. This is a DHCP pool I have set up on the concentrator. I have several groups configured on this concentrator. Right now I am in some sort of a bind. I created a new group, but I need them to only have access to one server, which is 10.6.0.123/16, when they connect. I don't want them to even be able to ping anything else in this network but 10.6.0.123, which is the server they need to access when connected to the VPN. Is there a configuration setting in the group where I can specify this? Any assistance would be greatly appreciated. Thanks.
mikegatti

Your solution here is to use a network list (Split Tunneling):

First create your network list; these are the routes that will be exported to your VPN client:
Configuration > Policy Management > Traffic Management > Network Lists
Give your network list a name and add the host in the area below. If you want a single host to be accessed, you would use the host and a wildcard mask of 0.0.0.0; a host entry would work if you only want to give access to 10.6.0.123:

10.6.0.123/0.0.0.0

Save your network list file and go into the group configuration, then click on your Client Config tab; at the bottom of the page you will have two fields:

Split Tunneling Policy and Split Tunneling Network List

Set your Split Tunneling Policy to "Only tunnel networks in the list"
and in your Split Tunneling Network List select the network list that you just created.
Save and test.

Remember that split tunneling is not a very secure mode of providing remote access: as the VPN client is a node on your network, it can be used as a bridge from the internet into your network if the VPN client is not properly secured.
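As an added illustration (example code, not from the thread or from Cisco), the script below models what the network list and the "Only tunnel networks in the list" policy make the client do with each destination; the wildcard-mask matching follows Cisco's inverse-mask convention, the policy names are this example's own, and the destination addresses are constructed sample values.

```python
from ipaddress import IPv4Address

# Constructed sample: the single-host entry from the answer above.
# Cisco wildcard masks are inverse masks: a 0 bit must match exactly,
# a 1 bit is "don't care", so 0.0.0.0 means "this one host only".
NETWORK_LIST = ["10.6.0.123/0.0.0.0"]

def parse_entry(entry):
    """Turn 'network/wildcard' into a pair of 32-bit integers."""
    network, wildcard = entry.split("/")
    return int(IPv4Address(network)), int(IPv4Address(wildcard))

def entry_matches(entry, destination):
    """True if destination falls inside the network-list entry."""
    network, wildcard = parse_entry(entry)
    care = ~wildcard & 0xFFFFFFFF          # bits that must agree
    return (network & care) == (int(IPv4Address(destination)) & care)

def route_for(destination, network_list, policy="only_tunnel_listed"):
    """Decide what the client does with a packet to `destination`.

    policy values (names are this example's own, not the GUI strings):
      only_tunnel_listed -> "Only tunnel networks in the list"
      tunnel_everything  -> no split tunneling; all traffic enters the tunnel
    Returns "tunnel" or "local".
    """
    if policy == "tunnel_everything":
        return "tunnel"
    listed = any(entry_matches(e, destination) for e in network_list)
    return "tunnel" if listed else "local"

def split_report(destinations, network_list, policy="only_tunnel_listed"):
    """Map each destination to its path; useful for checking a list before pushing it."""
    return {d: route_for(d, network_list, policy) for d in destinations}

if __name__ == "__main__":
    # 10.6.0.123 is the permitted server; 10.6.0.50 is another LAN host;
    # 198.51.100.10 stands in for an internet address (documentation range).
    for dest, path in split_report(
        ["10.6.0.123", "10.6.0.50", "198.51.100.10"], NETWORK_LIST
    ).items():
        print(f"{dest:>14} -> {path}")
    # Limit of this control: the list is a set of routes pushed to the
    # client. Traffic to 10.6.0.50 goes "local" because it is not routed
    # into the tunnel, not because the concentrator filters it.
```

Running it prints one line per destination; only 10.6.0.123 shows "tunnel" under the single-host list, which is the behaviour the asker wants, while the comment at the end notes what the list does not enforce.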



denver218 (asker)

Thanks. Now with split tunneling enabled, when remote users connect they will have access to the LOCAL internet connection, right? When I say local internet connection I mean the same internet connection that my Cisco Concentrator 3060 is on. How could I configure the VPN group to allow split tunneling so I can accomplish my goal of only allowing users in this group to have access to one server and make sure they're not using the local internet connection to browse? Thanks.
ASKER CERTIFIED SOLUTION
mikegatti
Thanks