Access-list - ASA 5510, I want to prevent a user from seeing all but one machine in my LAN

Good day,

I have a Cisco ASA 5510, and I would like to create 1 VPN connection (remote access), and I want this particular user to see only 1 machine.

Is that a possibility? Can we do this using the ASDM? I am not very familiar with the Cisco CLI.

Thanks.
maxalarie Asked:

Jimmy Larsson, CISSP, CEH, Network and Security consultant, Commented:
Yes. To filter traffic from a VPN client, you go into the appropriate Group-Policy (under Remote Access VPN in ASDM) and search for the "vpn-filter" parameter. Once there, you create an access-list that only permits traffic (from any) to that particular machine. Everything that is not permitted in the access-list will automagically be denied.

This document is a bit old but still relevant:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

Best regards
Kvistofta
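
The CLI equivalent of the group-policy filter described in the answer above, as an added example that is not part of the original thread. All names and addresses are constructed: 10.10.10.0/24 stands for the VPN client pool, 192.168.1.50 for the one permitted LAN machine, and RESTRICTED-GP, RESTRICTED-VPN-FILTER and restricteduser are hypothetical names.

```cisco
! Constructed values: 10.10.10.0/24 = VPN client address pool,
! 192.168.1.50 = the single LAN host this user may reach.
! In a vpn-filter ACL the remote (VPN client) side is written as the source
! and the local (LAN) side as the destination.
access-list RESTRICTED-VPN-FILTER extended permit ip 10.10.10.0 255.255.255.0 host 192.168.1.50
! No further entries: the implicit deny at the end of the ACL drops
! traffic to every other LAN address.
!
! Dedicated group policy for the restricted user (hypothetical name).
group-policy RESTRICTED-GP internal
group-policy RESTRICTED-GP attributes
 vpn-filter value RESTRICTED-VPN-FILTER
!
! Bind the local user account to that policy so the filter applies
! to this user only, not to other remote-access users.
username restricteduser attributes
 vpn-group-policy RESTRICTED-GP
!
! Checks after the user reconnects:
! show running-config group-policy RESTRICTED-GP
! show access-list RESTRICTED-VPN-FILTER
```

A vpn-filter change applies to sessions established after the change, so the user has to reconnect before testing. The hit counter in `show access-list` should then increase only for traffic to the permitted host.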

maxalarie (Author) Commented:
Thank you very much

Jimmy Larsson, CISSP, CEH, Network and Security consultant, Commented:
You are welcome!

Best regards
Kvistofta
 
maxalarie (Author) Commented:
It seems I have an older version of ASDM and can't see the features you are talking about. I have ASDM 5.2. The link I have (and others I have found) are pointing to ASDM 6.X and later...

Is there a way to upgrade for free, or do I need a support contract?

Thanks.


Jimmy Larsson, CISSP, CEH, Network and Security consultant, Commented:
You need to upgrade. And also, not only ASDM needs to be upgraded but the ASA image (OS) itself also.

No, there is no legal way to upgrade for free. You need to get a support contract, unless you search on the darker sides of the internet.

I suggest you upgrade to an 8.x image of ASA code and ASDM code 6.x.

Best regards
Kvistofta

maxalarie (Author) Commented:
I managed to do it.

I was not looking in the right place. It's working now. I have tested the restricted account with nmap and only 1 machine is accessible.

maxalarie (Author) Commented:
Thanks for the fast help.
Question has a verified solution.