Access List for VPNs

Discussion in 'Cisco' started by Hemat Maheshwari, Apr 24, 2006.

  1. access-list 80 permit ip host 202.83.175.110 172.16.200.0 255.255.255.0

    nat (inside) 0 access-list 80


    where
    202.83.175.110 (Outside Interface IP)

    172.16.200.0 (POOL For VPN Clients)


    Is there any problem with this access-list? Can VPN users access the
    internal network of 172.16.100.0/24,
    or do I have to add more ACLs?
     
    Hemat Maheshwari, Apr 24, 2006
    #1

  2. Hemat Maheshwari

    AM Guest

    Once the clients get the access through the VPNclient they are identified through the addresses belonging to the pool
    you have assigned to them.

    So you need:

    - to avoid NAT between the internal LAN (behind the inside interface, or whichever interface [outside not included,
    obviously] the VPN clients must reach) and the pool you have assigned;
    - to allow the pool to each of the resources they must reach, and the rules must be applied on the outside interface.

    For me the rule you wrote does nothing.

    HTH

    A.
     
    AM, Apr 24, 2006
    #2

  3. Hemat Maheshwari

    rave Guest

    access-list 80 permit ip 172.16.100.0 255.255.255.0 172.16.200.0 255.255.255.0
    nat (inside) 0 access-list 80

    Now they will be able to access the inside network 172.16.100.0.
     
    rave, Apr 24, 2006
    #3
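
An added example, not written by any poster in this thread: a small Python check of whether the ACL bound to `nat (inside) 0` covers traffic from the inside network to the VPN pool, run against the two ACLs posted above. The function names are made up for this example, and matching is simplified to the first `ip` entry that covers the whole flow.

```python
import ipaddress

# The two configurations posted in the thread.
ORIGINAL = """access-list 80 permit ip host 202.83.175.110 172.16.200.0 255.255.255.0
nat (inside) 0 access-list 80"""
SUGGESTED = """access-list 80 permit ip 172.16.100.0 255.255.255.0 172.16.200.0 255.255.255.0
nat (inside) 0 access-list 80"""

def parse_endpoint(tokens):
    """Consume one ACL address spec: 'any', 'host A' or 'NET MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(config, acl_id):
    """Return (action, src_net, dst_net) for each 'ip' entry of the ACL."""
    entries = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["access-list", acl_id] or len(t) < 5 or t[3] != "ip":
            continue
        src, rest = parse_endpoint(t[4:])
        dst, _ = parse_endpoint(rest)
        entries.append((t[2], src, dst))
    return entries

def nat0_acl(config, ifname="inside"):
    """Return the ACL id bound to 'nat (<ifname>) 0 access-list <id>', or None."""
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["nat", f"({ifname})", "0"] and t[3:4] == ["access-list"]:
            return t[4]
    return None

def nat_exempt(config, src_net, dst_net):
    """True if the nat 0 ACL permits the whole src_net -> dst_net flow."""
    acl_id = nat0_acl(config)
    if acl_id is None:
        return False
    src, dst = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    for action, s, d in parse_acl(config, acl_id):
        if src.subnet_of(s) and dst.subnet_of(d):
            return action == "permit"
    return False  # no entry covers the flow, so it is not exempted

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, nat_exempt(cfg, "172.16.100.0/24", "172.16.200.0/24"))
```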