Cisco IOS Remote Access VPN Restricting Traffic

Posted on 2011-10-27
Medium Priority
Last Modified: 2013-11-08
Hi Experts,
I want to have multiple remote access vpn configurations.
One will be used for internal employees, one for contractors.
Both use a Windows 2008 NAP/Radius profile.
The internal employees get access to the entire subnet.
The contractors get access to one server.
How do I configure the IOS firewall with two profiles to do this? I have done it before with ASA. There are no articles I can find, or are there?
I'm using a crypto isakmp client configuration group xxxxx and applying it to the outside interface. I'm also using split-tunneling.
I don't want to have to paste the config, so if you can lend me an example or link to exactly this config it would be appreciated.
Thanks in advance.
Question by: Joesmail

Accepted Solution

jmeggers earned 2000 total points
ID: 37036872
I think what you're trying to do requires RADIUS on the back end to authenticate the user and put them into a particular group.  Take a look at http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml and see if it helps.  By using ACS you can assign the user to a group and apply an ACL on what they're allowed to access.
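The following is an added worked example of the IOS side of what the question describes, not a configuration from the thread or from the linked Cisco document: an Easy VPN server with two client groups, where employees reach the whole internal subnet and contractors reach a single server. Every name, address, pool and interface in it is an assumed value; the RADIUS server stands in for the Windows NPS mentioned in the question, and the per-user ACL assignment from RADIUS/ACS that the answer above suggests is not shown (group membership is selected here by the group name the client presents). The important point for restricting contractors is that the split-tunnel ACL under the group only tells the client which routes to send through the tunnel; the enforcement is the `ip access-group` on the contractor group's virtual-template, which filters the decrypted traffic on the router regardless of what the client does.

```cisco
! Added example, not the original poster's configuration.
! All names, addresses, pools and the inside interface are assumed values.
aaa new-model
! XAUTH users are checked against RADIUS (Windows NPS, assumed at 10.10.1.10)
aaa authentication login VPN-XAUTH group radius local
! Group policy (pool, split-tunnel ACL) comes from the local group definitions
aaa authorization network VPN-GROUPS local
radius-server host 10.10.1.10 key RADIUS-SHARED-SECRET-PLACEHOLDER
!
crypto isakmp policy 10
 encr aes
 hash sha
 authentication pre-share
 group 2
!
! Group 1: employees, split tunnel covers the whole internal range
ip local pool POOL-EMPLOYEES 10.10.20.1 10.10.20.254
crypto isakmp client configuration group EMPLOYEES
 key EMPLOYEE-GROUP-PSK-PLACEHOLDER
 pool POOL-EMPLOYEES
 acl SPLIT-EMPLOYEES
!
! Group 2: contractors, split tunnel advertises only the one server
ip local pool POOL-CONTRACTORS 10.10.30.1 10.10.30.254
crypto isakmp client configuration group CONTRACTORS
 key CONTRACTOR-GROUP-PSK-PLACEHOLDER
 pool POOL-CONTRACTORS
 acl SPLIT-CONTRACTORS
!
! Split-tunnel ACLs: source = protected network, destination = client pool.
! These only shape client routing; they are not the access control.
ip access-list extended SPLIT-EMPLOYEES
 permit ip 10.10.0.0 0.0.255.255 10.10.20.0 0.0.0.255
ip access-list extended SPLIT-CONTRACTORS
 permit ip host 10.10.1.50 10.10.30.0 0.0.0.255
!
! One ISAKMP profile per group, each bound to its own virtual-template
crypto isakmp profile PROF-EMPLOYEES
 match identity group EMPLOYEES
 client authentication list VPN-XAUTH
 isakmp authorization list VPN-GROUPS
 client configuration address respond
 virtual-template 1
crypto isakmp profile PROF-CONTRACTORS
 match identity group CONTRACTORS
 client authentication list VPN-XAUTH
 isakmp authorization list VPN-GROUPS
 client configuration address respond
 virtual-template 2
!
crypto ipsec transform-set TS-AES-SHA esp-aes esp-sha-hmac
crypto ipsec profile IPSEC-EMPLOYEES
 set transform-set TS-AES-SHA
 set isakmp-profile PROF-EMPLOYEES
crypto ipsec profile IPSEC-CONTRACTORS
 set transform-set TS-AES-SHA
 set isakmp-profile PROF-CONTRACTORS
!
! Enforcement for decrypted contractor traffic: the one server and nothing else
ip access-list extended CONTRACTORS-IN
 permit ip 10.10.30.0 0.0.0.255 host 10.10.1.50
 deny ip any any log
!
! Employee sessions land on Virtual-Template1 with no inbound restriction
interface Virtual-Template1 type tunnel
 ip unnumbered GigabitEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC-EMPLOYEES
! Contractor sessions land on Virtual-Template2, filtered by CONTRACTORS-IN
interface Virtual-Template2 type tunnel
 ip unnumbered GigabitEthernet0/1
 ip access-group CONTRACTORS-IN in
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC-CONTRACTORS
```

To confirm which side of the split a session landed on, `show crypto session detail` shows the ISAKMP profile and virtual-access interface for each connected client, and the `log` keyword on the final deny in CONTRACTORS-IN records any contractor traffic that tries to leave the permitted server. Using separate address pools per group also makes the two populations easy to tell apart in the internal firewall and in logs.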

Expert Comment

ID: 37227805
Within NAP VPN enforcement you have the ability to restrict access by creating custom policies on NPS. This is done either with IP filters or using a remediation servers group.
