Solved

Restricting access over Site-to-Site VPN on Cisco 2801 Router

Posted on 2014-10-27 | 328 Views | Last Modified: 2014-11-05
I have a site-to-site VPN configured on my Cisco 2801 router between my organization and a vendor. I'm not sure what the vendor uses for a VPN device on their end. Below are the pertinent configs on the 2801:

! IKE phase 1 policy: AES-256, pre-shared key, DH group 2
crypto isakmp policy 3
 encr aes 256
 authentication pre-share
 group 2
!
! Pre-shared key for the vendor peer (key redacted)
crypto isakmp key blah address x.x.x.10
!
! IPsec phase 2 transform set
crypto ipsec transform-set Printers esp-aes 256 esp-sha-hmac
!
crypto map SDM_CMAP_1 30 ipsec-isakmp
 description TUNNEL
 set peer x.x.x.10
 set transform-set Printers
 match address 111
!
! Crypto ACL (traffic to encrypt). The posted line used the wildcard mask
! 255.255.255.255 after 172.17.10.10; IOS treats that as "any" source, not a
! single host (a single host is "host x.x.x.x", wildcard 0.0.0.0), so the
! intended single-host form is shown here.
access-list 111 permit ip host 172.17.10.10 host 10.10.2.23
!
! Overload NAT, with tunnel traffic exempted via the route-map (same wildcard fix)
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/3/0.1 overload
!
route-map SDM_RMAP_1 permit 1
 match ip address 141
!
access-list 141 deny ip host 172.17.10.10 host 10.10.2.23

Now the only IP this vendor has access to is 172.17.10.10. How do I configure a VPN filter so they can only access 172.17.10.10 via port 3389 (RDP)? Also, once they are RDP'd into 172.17.10.10, what stops them from being able to access other parts of the network, because at this point they are already in? So basically this vendor needs access to 172.17.10.10 via RDP only, so I would like to know what that VPN filter would look like, and once they are in via RDP to 172.17.10.10, what stops them from trying to RDP to another device on the network?
Question by:denver218
2 Comments
Accepted Solution by: naderz (LVL 11, earned 500 total points), ID: 40407280
Try applying an extended ACL on the interface that uses crypto map SDM_CMAP_1 and limit it to RDP.

As far as who can RDP to your server(s), that needs to be controlled through Windows ACLs: System Properties > Remote > Remote Desktop > Select Users.
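A worked version of the accepted answer, added here as an illustration; it is not part of the original answer or of the poster's running config. It assumes the crypto map is applied to FastEthernet0/3/0.1 (the interface named in the NAT statement; the post does not show the interface stanza), that the vendor's source address inside the tunnel is 10.10.2.23 as in ACL 111, and that the router runs an IOS release that supports the "Crypto Access Check on Clear-Text Packets" feature (12.3(8)T and later), which adds `set ip access-group` under a crypto map entry. The ACL names VENDOR-RDP-IN and OUTSIDE-IN are made up for this example.

```cisco
! --- 1. Tighten the crypto ACL to the single host.
!        "host x.x.x.x" is wildcard 0.0.0.0; the posted 255.255.255.255
!        wildcard is read by IOS as "any" source.
no access-list 111
access-list 111 permit ip host 172.17.10.10 host 10.10.2.23
!
! --- 2. The VPN filter: what the vendor may send once decrypted. RDP only.
!        (ACL name VENDOR-RDP-IN is an assumption for this example.)
ip access-list extended VENDOR-RDP-IN
 remark vendor host -> internal host, TCP/3389 only; everything else logged+dropped
 permit tcp host 10.10.2.23 host 172.17.10.10 eq 3389
 deny   ip any any log
!
! --- 3a. Preferred on 12.3(8)T+: attach the filter to the crypto map entry.
!         Only clear-text packets that came out of THIS tunnel are checked,
!         so no IKE/ESP permits are needed in this ACL.
crypto map SDM_CMAP_1 30 ipsec-isakmp
 set ip access-group VENDOR-RDP-IN in
!
! --- 3b. The accepted answer's method: inbound ACL on the outside interface
!         (interface name is an assumption). This ACL sees the encrypted
!         packets from the peer, so IKE (UDP/500), NAT-T (UDP/4500) and ESP
!         must be allowed through; on releases that still re-check decrypted
!         packets against the interface ACL (the old "double ACL check"),
!         the RDP line is what constrains the vendor and the final deny
!         drops anything else arriving over the tunnel.
ip access-list extended OUTSIDE-IN
 remark tunnel setup from the vendor peer
 permit udp host x.x.x.10 any eq isakmp
 permit udp host x.x.x.10 any eq non500-isakmp
 permit esp host x.x.x.10 any
 remark decrypted vendor traffic: RDP to the one host only
 permit tcp host 10.10.2.23 host 172.17.10.10 eq 3389
 remark (the site's existing permits for its own Internet return traffic go here)
 deny   ip any any log
!
interface FastEthernet0/3/0.1
 ip access-group OUTSIDE-IN in
```

Use 3a or 3b according to the IOS release; on a release with the clear-text check feature, decrypted packets are no longer matched against the interface ACL, so 3b's RDP line is then only documentation and 3a is the filter that actually binds. After applying, `show crypto map` shows the access-group attached to the entry and `show ip access-lists VENDOR-RDP-IN` gives hit counts; a vendor attempt to reach any other port or host shows up as hits on the logged deny line. Neither ACL answers the second question: once the vendor has an RDP session on 172.17.10.10, packets from that host to the rest of the LAN carry 172.17.10.10 as their source, and the router cannot tell the vendor's session apart from the host's own traffic. Limiting that needs a control on what 172.17.10.10 itself may reach (an ACL on its own segment or the host firewall), together with the Windows logon restriction the answer mentions.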
Author Closing Comment by: denver218 (LVL 4), ID: 40423898
Thanks.