Hi Gulam,
Just after Farrukh answer, I've realized that I misunderstood your question.
If you want to filter user's traffic after establishing RA VPN, the solution
provided by Farrukh is right. Just use an ACL in the outbound direction on
the inside interface (not the outside interface as there is bypass by
default for VPN traffic).
Another solution could be modifying ACL for Split-tunneling.
HTH,
--
Piotr Matusiak
CCIE #19860 (R&S, Security)
Technical Instructor
website: www.MicronicsTraining.com
�If you can't explain it simply, you don't understand it well enough� -
Albert Einstein
2010/1/24 Farrukh Haroon <farrukhharoon_at_gmail.com>
> Hello Ghulam
>
> You can make an access-list on the inside interface of the EZVPN server.
> E.g. an ACL in the outbound direction will be something like:
>
> access-list ... <source-ip-will-be-vpn-ip-pool>
> <destination-local-resource-behind-ezvpn-server>
>
> Regards
>
> Farrukh
>
> On Sun, Jan 24, 2010 at 1:40 PM, GULAM KAREEMUDDIN KHAN
> <gkareemk_at_gmail.com>wrote:
>
> > Dear Experts,
> >
> > I have configured IOS-to-VPN Client (easy-vpn) and able to access server
> > successfully from the client, I need to apply the access-list for VPN
> > clients to allow only particular ports to be accessed from the client.
> >
> > Thanking you.
> >
> > BR
> > Gulm Kareem
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Jan 24 2010 - 20:54:13 ART