Allow AnyConnect clients access to only a few servers when connected

We have 30 teleworkers that we recently acquired who are set up with the AnyConnect client to connect to our head-end ASA 5510. For security reasons, we must give them access to only 3 of our in-house servers, all on our subnet 10.10.X.X/16. The remotes are issued an address via DHCP on the ASA in 10.10.50.X/24 when connecting. I thought it would be as simple as creating an access list, but have had no luck in doing so. In addition, we must allow them full access to the servers in a data center connected to our head-end ASA via a site-to-site VPN, while they are connected using AnyConnect. Pointers would be appreciated.

ASA version 8.3

Thank you

-Mike

You have two choices. You can either apply the ACL as a split-tunnel ACL in the group policy:

access-list split_tunnel standard permit host 10.10.0.1

access-list split_tunnel standard permit host 10.10.0.2

access-list split_tunnel standard permit host 10.10.0.3

!

group-policy GROUP attributes

 split-tunnel-policy tunnelspecified

 split-tunnel-network-list value split_tunnel

Or you can apply the ACL as a vpn-filter in the group policy:

access-list filter_vendor standard permit host 10.10.0.1

access-list filter_vendor standard permit host 10.10.0.2

access-list filter_vendor standard permit host 10.10.0.3

!

group-policy GROUP attributes

 vpn-filter value filter_vendor
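The two options above can be combined, as in this added example (not part of the original answer): the split-tunnel list only tells the client which destinations to route into the tunnel, while the vpn-filter ACL is what the ASA enforces on decrypted traffic. The data center subnet 192.168.100.0/24 is a constructed placeholder, since the thread does not give it, and the vpn-filter is written here as an extended ACL with the client pool as the source. Reaching the data center also requires the 10.10.50.0/24 pool in the site-to-site crypto ACL on both peers and a NAT exemption, which are not shown because the thread does not name those objects.

```cisco
! Added example. 192.168.100.0/24 is a constructed placeholder for the
! data center subnet reached over the site-to-site VPN.
!
! 1) Split-tunnel list: destinations the AnyConnect client routes into
!    the tunnel. This shapes client routing; it is not an access control.
access-list split_tunnel standard permit host 10.10.0.1
access-list split_tunnel standard permit host 10.10.0.2
access-list split_tunnel standard permit host 10.10.0.3
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
!
! 2) vpn-filter: enforced by the ASA on traffic from the VPN session.
!    In a vpn-filter ACL the remote (client) side is written as the source.
access-list filter_vendor extended permit ip 10.10.50.0 255.255.255.0 host 10.10.0.1
access-list filter_vendor extended permit ip 10.10.50.0 255.255.255.0 host 10.10.0.2
access-list filter_vendor extended permit ip 10.10.50.0 255.255.255.0 host 10.10.0.3
access-list filter_vendor extended permit ip 10.10.50.0 255.255.255.0 192.168.100.0 255.255.255.0
! Explicit final deny with logging, so blocked attempts show up in syslog
! and in the hit counters of "show access-list filter_vendor".
access-list filter_vendor extended deny ip any any log
!
group-policy GROUP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel
 vpn-filter value filter_vendor
!
! 3) AnyConnect traffic bound for the data center enters and leaves on the
!    same interface, which the ASA drops unless this is enabled.
same-security-traffic permit intra-interface
```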

Tags: Cisco Security

Similar Questions

  • ease of access button not working not not when connecting

    I am not able to start any tool from the ease of access button on the login screen? When I click on the check box and apply it, none of them starts.
    Also, when I use osk.exe on the desktop and run the application as another user, osk.exe automatically disappears when it prompts for a password...
    Help, please

    Hi Anujsharma,

    I understand how it could be frustrating when things do not work as expected. Please, I beg you, don't worry I'll try my best to resolve the issue.

    Method 1
    Step 1: I suggest to start the computer in safe mode and check if the problem persists.

    Start your computer in safe mode
    http://Windows.Microsoft.com/en-in/Windows7/start-your-computer-in-safe-mode

    Step 2: If the problem is solved in safe mode, then I suggest you perform the clean boot and remove the program that is causing the problem.

    How to perform a clean boot for a problem in Windows Vista, Windows 7 or Windows 8
    http://support.Microsoft.com/kb/929135
    Note: Follow step 3 of section of boot KB929135 to reset the computer in normal mode.

    Method 2
    I suggest you run an SFC scan. The SFC scan checks all protected system files and replaces incorrect versions with the appropriate Microsoft versions.

    How to use the System File Checker tool to fix the system files missing or corrupted on Windows Vista or Windows 7
    http://support.Microsoft.com/kb/929833

    Method 3
    Microsoft safety scanner
    http://www.Microsoft.com/security/scanner/en-us/default.aspx

    Note: when you run an online antivirus scan, you will lose data that is affected by the virus. Microsoft is not responsible for the loss of this data.

    I hope this helps. Let us know the result.

  • Can someone help me with a Code that allows you to hide all but the first few fields when the form opens

    My form has a section (subform) on top that is always open and then underneath it is dynamic and I want some subforms and sections to open based on users to input. I use action Builder to open the screen and have all the fields that are hidden, but I have too much subforms and must hide individually all subforms. Is there a code that allows you to hide all fields for me when the form opens, and then I can use action Builder to open just what I need based on a drop-down list button or radio?

    Thank you!

    Hello

    Using Paul's LockAllFields example, you could place the JavaScript code within the docReady event of the root node (normally 'form1').

    Please note that the last line sets the presence of one of the subforms back to visible. Let's call it ShowThisSubform.

    // Declare some variables
    var allChildElements;
    var intNumElements;
    var currentElement;
    var j;
    
    // Get all the child nodes of the parent element (the root node/"form1")
    allChildElements = this.nodes; // "this" will use the element where the script is placed
    
    //Total number of element in the object
    intNumElements = allChildElements.length;
    
    // Loop through all the child elements
    for (j = 0; j < intNumElements; j++) {
         currentElement = allChildElements.item(j);
         // If the element is a subform we'll hide it
         if (currentElement.className == "subform") {
              currentElement.presence = "hidden";
         }
    }
    
    // Show one of the subforms
    ShowThisSubform.presence = "visible";
    

    Niall

  • Lenovo Y50 only using Intel graphics when connected to the TV with HDMI output

    I recently bought a Lenovo

    you right click on the exe of the fricken game and select 'use nvidia? !!!

    I'm doing it right now with my laptop computer and connected to the tv and it works with my nvidia card... I can also say his work because of the small icon in the lower right... See the photos...

  • I have a dv6 only a few days, when on battery, the screen fades and illuminates constantly

    processor and graphics card amd model windows 7

    Hello

    This is quite normal; it is the way to keep the battery running longer between charges. You can activate the optimum brightness, but the battery will drain faster.

    Kind regards.

  • AirPort Extreme works with only a few devices

    I have an AirPort Extreme 802.11 model ac.

    It worked perfectly for about a month, but now, only a few devices are connected with it. These devices will be connected only after the opening of the AirPort Utility. My AppleTV will not indicate the network, but the message "no network connection. Your Wi-Fi network is not connected to the internet. Change your settings or select a different network."

    I tried restarting the AirPort Extreme and my router by unplugging and plugging back. I also rebooted AirPort Extreme internally by restarting in AirPort Utility. From now on, only my iPhone and MacBook Pro will connect.

    Even with those who sometimes it will connect and the other will not.

    Any ideas on how to solve this problem?

    I would say that your extreme is autonomous from router mode in Bridge mode... He can do. A power failure caused to ruin the current configuration and replaced another... you must remedy by a complete factory reset and reconfigure correctly.

    Before to do it tell us what model is your modem?

    And you have the configuration of the airport in bridge or router at this time?

  • I heard that there is a paid service allow customers to return their emails if pirate? is this true? details please

    I heard that there is a paid service allow customers to return their emails if pirate? is this true? details please

    Hello

    • What e-mail do you use?

    If you use Hotmail you can view the article and check if it helps.

    Recover deleted messages from your Windows Live Hotmail mailbox.

    http://windowslivehelp.com/solution.aspx?SolutionID=1f8432d5-4f7b-4468-9c98-bdf3a469783a

    I hope this helps.

  • The share of customers unable to access the network - error 0x80004005

    Hello, my network has the following configuration.

    • Server - Windows 2003 Server - acting as DNS, domain controller, file server
    • Clients - Windows XP Pro, Windows Vista business, Windows 7 Pro
    • DHCP server is on my router. All customers running on DHCP

    For some unknown reason, some network shares have stopped working since yesterday. When users log on with Ctrl + Alt + Delete using their network accounts, they are unable to access their desktops, services, Skype etc.; it gives an error of 0x80004005 (unspecified error). They are not forced to use roaming profiles.

    I opened Windows Explorer and typed \\server\share. The same error is invited. However, if I try to access the share of \\ip\share, it can show me the files without a problem.

    Steps I took to narrow down the issue

    • Connectivity - outcome of the network: Internet access / access server by IP. So no connectivity problem
    • Ping-ing the name of the computer server - result: OK. So not a DNS problem
    • Check firewalls – result: Clients running Windows Firewall correctly. Network type, the value of 'work '.

    Other facts that may be useful

    • No third-party firewall. All running on Windows Firewall.
    • No settings changed before problem appeared
    • Problem appeared after a reboot the server

    (P.S. Skype prompted "Cannot find necessary files and cannot start". I think it's the same problem with network shares, because the application data is also stored in network shares.)

    Hello

    Your question of Windows 7 is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the Forums TechNet Windows 7 Technet.
    Here is the link:
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • Can the Valet be set up as an access point only?

    I'm on ATT U-verse and must use their router, but I wish I had an "N" access point.  Can the new Valet be set up as an access point only, with the router and DHCP functions turned off?

    Technically Yes, but if you do not set up this way, you will not be able to configure it by using the software, will have to be a manual configuration...

    I recommend the following:

    1. Reset the Valet to default values (hold the reset button for 10 seconds, then release)

    2. Connect a PC to the Valet

    3. Access the user interface at 192.168.1.1 (after a reset the password will be admin)

    4. Go to the wireless tab and configure your SSID and security settings

    - Do not forget that for 802.11n you must use WPA2 Personal security only; nothing else will give you top speeds

    5. Save the wireless settings.

    6. Go to the basic settings and change the IP address to something different; I suggest 192.168.1.2 (if using another Linksys or Cisco device, this will help prevent conflicts when you connect your networks together)

    7. Save the settings

    8. Close the browser and reopen it, then access the user interface at the new address 192.168.1.2 (or the one you have chosen)

    9. On the basic settings page, disable the DHCP server, and then click Save.

    10. Disconnect your PC from the Valet and connect the Valet to your existing network (use the numbered LAN ports; do not connect the INTERNET port)

    11. Once you have the LAN ports on the Valet connected to the LAN ports on your existing router, you should be able to pull DHCP from the main router when connected wirelessly and surf the net...

    Enjoy!

  • I can't connect to the Internet via the wireless network. It shows that I have local access only. I can't connect even in SafeMode with network.

    I can't connect to the Internet via the wireless network. It shows that I have local access only. I can't connect even in Safe Mode with Networking.  I have pinged www.microsoft.com and the answer is "ping request could not find host www.microsoft.com".  I am connected to the wireless network through my iPad and can connect via my smartphone. This leads me to believe there is only something configured properly on my laptop. Can anyone provide assistance?

    Hello

    You can try a system restore...

    http://Windows.Microsoft.com/en-us/Windows-Vista/system-restore-frequently-asked-questions

    ...choose a time before this problem (you may tick the box to show older restore points).

    Tricky

  • I can connect to my network, but with access "local only".

    Access to the "Local" network only
    I can connect to my network, but with access "local only".  Internet became more intermittent (not sure if that is related or if I guess it) and has not worked in several weeks.  Desktop computer is plugged into the router, but I have the same problem when it is plugged into the DSL modem.  Other computers on the same router (wireless or other) work very well.  Recently, I removed McAfee and installed MS Security Essentials.  I uninstalled McAfee from programs and settings, then used the McAfee removal tool to clean up the rest.  I uninstalled and reinstalled MS Security Essentials.  I thought it might be a firewall issue, but I get error 0x6D9 when I try to start it.  I tried all the steps in the following post, nothing helps.  Any other suggestions?

    ______________________

    You can follow the steps below and check if that helps you solve the problem.

    Method 1

    Try to power cycle the router and the computer and check if it helps.

    On the PC:

    1. Save your work and restart the machine.

    On the router or modem (if wireless printing):

    1. Unplug the router and the modem.
    2. Wait 30 seconds.
    3. Plug in the modem and wait for it to come to the ready state.
    4. Plug in the router.

    After the power cycle, check the connection between the router and the computer.

    Method 2

    If the steps above do not help, you may reset the TCP/IP stack. To reset it, access the link below and either click on "Fix it for me" or follow the instructions to fix it yourself: http://support.microsoft.com/kb/299357

    Disable the IP Helper service:
    1. Hold the Windows key and type R, type "services.msc" (without the quotes) and press Enter
    2. Scroll down to the IP Helper service, right-click on it and select Properties
    3. In the drop-down list box that says "Automatic" or "Manual", set it to Disabled and then click "Apply".
    4. Then click on "Stop" to stop the service from running in the current session
    5. Click on OK to exit the dialog box

    Method 3

    Disable IPv6 and remove IPv6 virtual cards:
     
    Try uninstalling IPv6 on all interfaces, removing the IPv6 virtual adapters, and resetting the TCP/IP stack. To remove IPv6, go to the properties for each network adapter and deselect the check box next to the protocol "Internet Protocol version 6 (TCP/IPv6)", which will turn it off, or select it and click Uninstall, which will remove it from the computer. Then go into Device Manager and remove any 4to6 adapters, WAN miniport adapters or tunnel adapters.
    NOTE: You should do this for each network connection, even if they are disabled.

    Method 4

    Disable the DHCP Broadcast Flag:
    Link: http://support.microsoft.com/default.aspx/kb/928233
    Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click on the number below to view the article in the Microsoft Knowledge Base:
    http://support.microsoft.com/kb/322756.  How to back up and restore the registry in Windows
     
    Windows Vista cannot obtain an IP address from certain routers or some non-Microsoft DHCP servers
     
    To resolve this issue, disable the DHCP BROADCAST flag in Windows Vista. To do this, follow these steps:


    1. Click Start, type regedit in the search box, and then click regedit in the list programs.
    2. If you are prompted for an administrator password or for confirmation, type your password, or click on continue.
    3. Locate and then click the following registry subkey:
    4 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ {GUID}
    5. in this registry path, click the (GUID) subkey that corresponds to the network adapter that is connected to the network.
    6. on the Edit menu, point to new, and then click DWORD (32-bit) value.
    7. In the New Value #1 box, type DhcpConnEnableBcastFlagToggle and press ENTER.
    8. right click on DhcpConnEnableBcastFlagToggle, then click on modify.
    9. in the value data box, type 1 and then click OK.
    10. close the registry editor.
     
    By setting this registry key to 1, Windows Vista will first try to get an IP address using the BROADCAST flag in DHCP Discover packets. If that fails, it will try to obtain an IP address without using the BROADCAST flag in DHCP Discover packets.
    You can also try uninstalling and reinstalling the driver for the wireless card.

    ________________

    Thanks for any help!

    Hello

    Any changes to the software or hardware of the computer?

    Method 1:

    Visit the link below and follow the steps.

    Network connectivity status incorrectly shows as 'Local only' on a Windows Server 2008 or Windows Vista-based computer that has multiple network cards

    http://support.Microsoft.com/kb/947041

    Method 2:

    Update the NIC drivers and check.

    Network adapter problems

    http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-network-adapter-problems

  • Continue to be "access: local only" on a laptop from windows vista Home premium.

    After about a year of just always connect with an Ethernet cable, I decided to solve the problem.

    First of all, I bought a new router and even a net-book with her. (net-book [windows 7] connected with ease), after a week of trying to get it to connect, I gave up.
    Second, I went through the trouble of finding the recovery CD supplied with the laptop and restored it to its factory defaults. Despite this, it shows "access: local only".
    The system that I have a problem with is a Toshiba Satellite A135.
    Thanks in advance to anyone who can help.

    The link below should help you

    http://answers.Microsoft.com/en-us/Windows/Forum/windows_vista-networking/fix-problem-local-only-when-connection-is-across-a/0949042d-074e-43ab-ba95-3c06cc2aa6be

  • "Access: Local only" problem and an unidentified router connection.

    I use a laptop Compaq Presario CQ60 with Windows Vista Home Basic.

    The laptop connects to the router (a Belkin.43A1). However, it is unable to correctly identify the router and does not connect to the internet. It offers me only "Local only" access.

    My brother has the same exact model of the laptop and windows vista edition, with all settings completely unchanged but suffers still from the same connection problem.

    All other devices in the House are able to connect to the internet through the router, such as ipods and game consoles. Another laptop running Windows XP is able to connect without a problem.

    Connecting the laptop to the internet works when connected via an ethernet cable.

    I tried several solutions offered on the internet without any positive results, such as:

    -Disable IPv6

    -Computers wireless card uninstalled, then put it back

    -Uncheck the link layer topology

    -Restart the router/mobile

    -Check and install all updates for windows and HP

    And several others, all parameters have returned to what they once were.

    Help and suggestions or solutions would be greatly appreciated thanks.

    Hello

    It could be a security mismatch; log in to the router, turn wireless security off, and see if you can connect.

    If it works, restore security.

    Jack-MVP Windows Networking. WWW.EZLAN.NET

  • access only a few photos

    The application accesses only a few photos on my camera. How can I get access to all of them?

    Hello! With the difficulty 1.3 update, this issue should be gone. Please update and let me know if I can help with anything else!

    -Kathleen

  • I bought a license of adobe product, which allows to transfer PowerPoint to word in March. But when I want to use it today, there's a wrong message "drive does not have the ability to access this service!

    I bought a license of adobe product, which allows to transfer PowerPoint to word in March. But when I want to use it today, there's a wrong message "drive does not have the ability to access this service!

    That looks like you are using an older version of reader; See https://forums.adobe.com/docs/DOC-5891
