Access-list - ASA 5510, I want to prevent a user from seeing all but one machine in my LAN

Good day,

I have a Cisco ASA 5510, and I would like to create 1 VPN connection (remote access), and I want this particular user to see only 1 machine.

Is that a possibility? Can we do this using the ASDM? I am not very familiar with the Cisco CLI.

Thanks.
maxalarie Asked:

Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
Yes. To filter traffic from a VPN client, you go into the appropriate Group Policy (under Remote Access VPN in ASDM) and search for the "vpn-filter" parameter. Once there, you create an access-list that only permits traffic (from any) to that particular machine. Everything that is not permitted in the access-list will automagically be denied.

This document is a bit old but still relevant:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

Best regards
Kvistofta
0
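
The filter described in the answer above, written as ASA CLI (an added example, not part of the original thread). The ACL name, policy name, user name, VPN client pool 10.99.0.0/24 and server address 192.168.1.50 are assumptions, and the user account is assumed to exist already:

```cisco
! Constructed values (assumptions, replace with your own):
!   VPN client address pool : 10.99.0.0 255.255.255.0
!   the one permitted host  : 192.168.1.50
!   existing VPN user       : restricted-user

! In an ACL used as a vpn-filter, the source position holds the remote
! (VPN client) addresses and the destination position holds the local
! resource. Writing it the other way round is a common mistake.
access-list VPNFILTER-ONE-HOST extended permit ip 10.99.0.0 255.255.255.0 host 192.168.1.50
! No explicit deny line is needed: anything the ACL does not permit
! is dropped by the implicit deny at its end.

! A dedicated group policy carries the filter, so other VPN users
! keep the access they already have.
group-policy GP-RESTRICTED internal
group-policy GP-RESTRICTED attributes
 vpn-filter value VPNFILTER-ONE-HOST

! Bind the policy to the one user who must be restricted.
username restricted-user attributes
 vpn-group-policy GP-RESTRICTED

! Checks: confirm the policy holds the filter, then watch the ACL hit
! counter rise while the restricted user reaches the permitted host.
show running-config group-policy GP-RESTRICTED
show access-list VPNFILTER-ONE-HOST
```

The filter is picked up when a session is established, so have the user disconnect and reconnect before testing. Do not reuse the same ACL in an interface `access-group`.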
maxalarie Author Commented:
Thank you very much
0
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
You are welcome!

Best regards
Kvistofta
0
maxalarie Author Commented:
It seems I have an older version of ASDM and can't see the features you are talking about. I have ASDM 5.2. The link I have (and others I have found) are pointing to ASDM 6.X and later...

Is there a way to upgrade for free, or do I need a support contract?

Thanks.

0
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
You need to upgrade. Also, not only ASDM needs to be upgraded, but the ASA image (OS) itself as well.

No, there is no legal way to upgrade for free. You need to get a support contract, unless you search on the darker sides of the internet.

I suggest you upgrade to an 8.x image of ASA code and ASDM code 6.x.

Best regards
Kvistofta
0
maxalarie Author Commented:
I managed to do it.

I was not looking in the right place. It's working now. I have tested the restricted account with nmap and only 1 machine is accessible.
0
maxalarie Author Commented:
Thanks for the fast help.
0