Cisco VPN :: 3020 Concentrator - How To Restrict Access
Sep 13, 2011
Client: CISCO VPN Client
VPN server: Cisco Concentrator 3020 OS v 4.7
I want to get away from configuring split tunneling for security reasons. With Split tunneling and I am able to specify to which subnets the clients have access to. I do it defining "Network Lists"
When I modify the group and select "tunnel everything" under "client config" tab, the users then can access all subnets in the LAN. When I select this option the "Split tunneling network list" is grayed out
End goal is to make all traffic go thru the tunnel but be able to resctrict access to speficic subnets.
I have 3000 concentrator in 192.168.1.x/24 network (concentrator has static IP of 192.168.1.4/24 assigned to its private int). I can manage it thru HTTP from any PC in the same subnet, but connection failes while trying to connect from PC on different subnet (i.e. 10.1.1.x/24). Is there ACL in concentrator config which needs to be modified to allow management from different subnet?
In our neighborhood we have about 10 residents on a LAN controlled by 1 resident. For connection I have a LAN modem which connects wirelessly to an aerial at resident 1. I have 2 computers one with Win 7 Ultimate and one with XP SP3. Thinking incorrectly that I was setting up a home network, in trying to get my 2 PC's to talk to one another I have permissions set up for everyone on both machines. However I have discovered that now all 10 residents can see my 2 PC's. While I can see both PC's from either machine, in trying to change the "Everyone" to restrict access to the names of each of the 2 pcs only, I can only see users and Administrator on that particular machine only and cannot add a user/name of the other PC. How can I stop the other residents from seeing my machine but allow me to see either of my machines from one another?
. In our neighborhood we have about 10 residents on a LAN controlled by 1 resident. For connection I have a LAN modem which connects wirelessly to an aerial at resident 1. I have 2 computers one with Win 7 Ultimate and one with XP SP3. Thinking incorrectly that I was setting up a home network, in trying to get my 2 PC's to talk to one another I have permissions set up for everyone on both machines. However I have discovered that now all 10 residents can see my 2 PC's. While I can see both PC's from either machine, in trying to change the "Everyone" to restrict access to the names of each of the 2 pcs only, I can only see users and Administrator on that particular machine only and cannot add a user/name of the other PC.
I have joined my ACS box to the domain and can auth users in active directory groups. I thought about this somewhat and would prefer to only use AD users in ACS groups. Is this possible, I can only seem to do local users in local groups and AD users in AD groups.Many people have access to AD so I don't want anyone to be able to move users in and out of AD groups and get access to equipment.
got myself the Netgear internal PCI wifi adapter today & it works just fine on my Windows XP SP3 desktop.
The only problem I have is the question of restricting access to kids @ home. If it was an external USB adapter, I could have just taken it away but the concern is the device being an internal & always available one. The user configuration on the PC is such that there is 1 main administrator (The actual windows "administrator" account) that no one uses. Apart from that,
- 1 user with admin privileges (me)
- 1 limited account for the kid
- 1 admin privilege account for the kid again (for purposes like installation of games which require an admin account as mandatory)
I would like for the wifi PCI card to work only when I login to my account. There must be someway by which I could disable the device or make the internet inaccesible in the other accounts,, (but pls bear that 1 of the account that the kid uses also has admin privilege)
I tried disabling the device from control panel but in vain.. (tried something like the sys admins do in corporates ..) disabling the usb ports on the PC's in my office..!
We're planning to ope a coffee house for teens at my church. We want the internet to be accessible to them but want to restrict what sites they can access so homework, games, etc. can be accessed but not the stuff rated for violent, rrisky behaviors.
Have a new DIR-825 setup at home for coverage to another part of the house. I want to completely restrict clients using this WAP from accessing a couple internal IP's (that I use for work-related things). Restriction meaning filesharing, ping, RDP, etc - everything. Can this be done on the router side?
I would like to restrict Internet traffic (HTTP & HTTPS) for Inside Users with an ASA 5505. I would like to setup a proxy-like system where a User/Password must be entered before the User can actually browse the web.
I know that this can be done with an additional RADIUS/TACACS+ Server. Is this also possible without any external AAA Server, so with User/PW stored on the ASA locally only?
We have purchased an RV110W and I need to restrict internet access to the entire internet with the exception of 4 websites that are required for employees to do their jobs. I need to do this on 3 specific machines, not the entire network. I have looked at the internet access and schedule management pages of the router and just can seem to figure out how to do this.
I need a way to block MAC OS X users connecting remotely to our coporate users over VPN. I know there is an option to block connections based on VPN client Version, but cant find a way to block users based on operating system.
We use Cisco ASA 5510 firewals one with v8.2(1) and other with v7.2(3). I need to do on both firewalls. They are both at diffrent sites.
in our VPN configuration (ASA5520, Anyconnect VPN Client), we have different VPN User Groups. These Group Policies are retrieved from an LDAP Server.We'd like to restrict the acess like this:
A Group "Home User" might establish a VPN from anywhere on the Internet
A Group "restricted 3rd party" should only be allowed to establish a VPN from their specific public Source IP Address on the Internet (the public IP Address of this 3rd party Company). When these Users try to connect from any other IP Address on the Internet(Home, hotel, etc), VPN Access should not work!
On our old solution, we were able to limit the remote access network, per user group, to some source IP's.
The IP Filters related to group policies in here seem only to be filters concerning the VPN Address (after the VPN is established: where can this user group connect to). But I did not find filters/access lists, where yoiu can define/restrict public access networks for some groups.Or is it possible to do that by Dynamic Access Policies? How?
I have a 16 port hub (NM-16ESW) installed in this router. Is there a way to lock down this hub so that only whitelisted machines will be allowed to connect to its ports? ie: by mac address or some other type of permission method? How to be able to plug their computer into the hub and join the network unless their device has been ok'd first.
I've been using "Linksys by Cisco Wireless-N Home ADSL2+ Modem Router WAG120N". I can restrict internet access to only 8 computers using their Mac adresses but there are no ore entry fields for Mac adress than 8. What shall I do when I need to block internet access to more than 8 computers say 20 computers on wired LAN? I don't like the option blocking the internet access via IP address. I found they are not that effective as the option Mac adress
How can I restrict wireless access to specific devices? Ideally, I would like to turn the access off and on to restrict my children's usage when we're not around or when they try to sneak on during the night.
I have a client who has asked me to "optimize" their network.They currently have a few shared folders that everyone can see, but what they want is to restrict access to some of the computers on the network.More specific,they don't want the receptionist and the backroom workers to have access to those shared folders while the rest of the employees (the bosses) do have access to those folders.They have 2 computers with Windows 7, 2 computers with Windows XP, and a mac.
I need to restrict access or rather, block altogether if i can, access of one of the computers on my local wireless network, to online multi-player gaming sites, in particular Age of Empires and Voobly.com, which also uses a messenger type program for them to chat.I've searched and searched online, but alas, have come up with nothing that i understand. I've tried doing the block ports thing, but am unsure if what i've been doing is right. I have blocked Voobly.com under domain and URL settings via the router admin page, but for some reason, it only seems to be denied on my computer. I even went so far as to register and download relevant programs to my computer, for Voobly, so i could see if the blocking worked. Seems it's only my computer that's blocked, i didn't specify ip or mac addresses.I am unable to get on the other computer as it's not mine, and it's also password locked. I don't know the password
I have 4 PCs connected to a wireless modem router(WBR 6601).All 4PCs are configured to shared all folder in C drive. These PCs are not configure to use domain.The thing is whenever I let my guest to connect to my wireless modem router for internet usage. They will be able to see all of my shared Folder(4 PCs) under the network Terminals.Is there anyway i can restrict the guest from accessing/seeing my shared folder and allow them to connect to my WAP to use for internet browsing only ?
I have 2 mbps line with D-link modem shared by 2 persons through wire. Sometime I feel that my client is using more band width than me so I want to know is there is any way I can control the speed of my client.
What are good ways to restrict access to LOL? I don't want a total block, but either set a cut off time - and/or restrict the total access time per day?
We have a network of 30 VLANS and currently all the vlans have access to everything. We are using Cisco 6509 switch for Layer3 routing.I would like to prevent some VLANs accessing the server VLANs. How can i resrict access to the server VLANs? Do i need to implement access-lists on the 6500 switch? or do i need to create VLANS on the firewall so that all traffic i filtered?
Is it possible to restrict the Remote Access VPN to ASA based on the Source Public IP , if so how ? here I am not talking about the VPN-Filter under group-policy . I Want to restrict the access from specified source IP (Public IP)
On a small Bording School we have the students living in several small houses, each equipped with an AP.Each Ap serve 4 Vlans.I want to restrict the switch for these AP, in a way to keep the students from removing the AP and connecting their own equipment.I tried using the secure port feature on the SG300, but that had the result of allowing the AP but denying all the users connected to the AP.The switch is a SG300-28P placed in L3 mode.
1. Around 100 laptops and desktop computers need wireless internet access, but some of them on limited times during the day.
2. Not all wireless devices are allowed on using the wireless network.
3. There are also wired desktops that don't need restrictions.
4. We need the possibility to restrict most of the wireless devices to access certain websites or use certain applications on those computers to use internet access during the times that the computers are allowed to access the internet.
5. We want to restrict the clients for using torrents or other possibilities of downloading illegal content.
What we were able to do:
1. The accesspoints (AP 541N) are clustered to achieve 1 large wireless network.
2. Only mac-adresses that are listed in the accesspoints are capable of using the wireless network. Other mac-adresses are not allowed to use the accesspoints.
What we tried already:
1. adding the mac-adresses for the accesspoints to the list of "internet access policy" in the router. Internet access seemed still possible during periods the access wasn't supposed to be possible.
2. adding the mac-adresses from all clients in this internet access policy seemed useless. Only 10 Internet Access Policies seem to be possible to program. 8 mac-adresses per policy. Knowing there are (at least) two policies needed to restrict a group of 8 macs to access the internet in 24 hours (because blocking the internet from f.e. 22u in the evening to 6 in the morning is not possible because 6 is smaller than 22 - or 10PM).Besides, after blocking internet access, we need also to write policies in blocking some websites or keywords.
I have 4 PCs connected to a wireless modem router(WBR 6601). All 4PCs are configured to shared all folder in C drive. These PCs are not configure to use domain.The thing is whenever I let my guest to connect to my wireless modem router for internet usage. They will be able to see all of my shared Folder(4 PCs) under the network Terminals.Is there anyway i can restrict the guest from accessing/seeing my shared folder and allow them to connect to my WAP to use for internet browsing only ? :scratch:
My equipment :scratch::- PC #1 - Acer M1830(Windows 7 Home Premium) PC #2 - Acer M1900(Windows 7 Home Premium) PC #3 - DELL Vostro(Windows XP Pro) PC #4 - DELL Inspiron(Windows XP Pro) Level 1 WBR 6601 Wireless/Modem Router
If there are no configuration can be done is there any hardware tools that have this restricting feature ?
As an example, I have 3 computers on a home network:
Machine A Machine B Machine C
What I would like to do is isolate "Machine C", so that it cannot communicate with "A" or "B" and vice versa. It should be an entirely separate entity.
Let's say I'm using a Linksys E4200. Is there a good way to configure the above scenario with the default firmware? Is it possible with non-default firmware such as DD-WRT or Tomato? I do not have experience with this but have no problem learning.
My understanding is that this can be done by placing "Machine C" in the DMZ. Unfortunately, I am told a lot of home routers do not have a secure way of setting up DMZ by default. The two routers solution can work but still requires restricting administrative access from "Machine C" and adds an additional potential point of failure.
We have a network of 30 VLANS and currently all the vlans have access to everything. We are using Cisco 6509 switch for Layer3 routing.I would like to prevent some VLANs accessing the server VLANs. How can I restrict access to the server VLANs?Do i need to implement access-lists on the 6500 switch? or do i need to create VLANS on the firewall so that all traffic i filtered ?
