How to limit the outbound connection PPTP VPN client

We have an ASA with inspect pptp enabled. However, is there a way to allow PPTP connections out of our LAN 192.168.0.0 only to certain specific IPs on the internet, like 88.88.88.88 and 89.89.89.89, through an ACL? Right now, users can connect out to any PPTP VPN as they see fit.

I tried with NAT with no luck

This is the error message I got before enabling inspect pptp.

3. July 3, 2007 13:36:33 | 305006: regular translation creation failed for protocol 47 src inside:192.168.1.199 dst outside:66.201.201.207

and this is our config (from before inspect pptp was added):

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

object-group service ExchangeOWA tcp

 description Exchange Web and Mobile Access

 port-object eq smtp

 port-object eq https

 port-object eq www

access-list inside_nat0_outbound extended permit ip any 192.168.100.0 255.255.255.192

access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.123.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.222.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.111.0 255.255.255.0

access-list dzm extended permit ip any any

access-list dzm extended permit icmp any any

list of external extended ip access allowed a whole

access-list cont_in extended permit ip host 66.66.66.135 any

access-list outside extended permit tcp any host 66.66.66.133 object-group ExchangeOWA

access-list outside extended permit tcp any host 66.66.66.137 eq pptp

access-list outside extended permit gre any host 66.66.66.137

access-list outside extended permit icmp any any echo-reply

access-list outside_cryptomap_20 extended permit ip 192.168.0.0 255.255.0.0 192.168.123.0 255.255.255.0

access-list Split_tunnel_ACL standard permit 192.168.0.0 255.255.0.0

access-list outside_cryptomap_80 extended permit ip 192.168.1.0 255.255.255.0 192.168.111.0 255.255.255.0

access-list outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.222.0 255.255.255.0

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu management 1500

ip local pool BBBB-pool 192.168.100.1-192.168.100.50 mask 255.255.255.0

icmp permit any outside

icmp permit any inside

asdm image disk0:/asdm512-k8.bin

no asdm history enable

arp timeout 14400

nat-control

global (outside) 10 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 10 0.0.0.0 0.0.0.0

static (inside,outside) tcp 66.66.66.133 smtp 192.168.1.16 smtp netmask 255.255.255.255

static (inside,outside) tcp 66.66.66.133 www 192.168.1.16 www netmask 255.255.255.255

static (inside,outside) tcp 66.66.66.133 https 192.168.1.16 https netmask 255.255.255.255

static (inside,outside) 66.66.66.134 172.30.1.50 netmask 255.255.255.255

static (inside,outside) 66.66.66.137 192.168.1.10 netmask 255.255.255.255

access-group outside in interface outside

route outside 0.0.0.0 0.0.0.0 66.66.66.129 1

route inside 192.168.1.0 255.255.255.0 192.168.10.2 1

route inside 172.30.1.0 255.255.255.0 192.168.10.2 1

route inside 172.20.20.0 255.255.255.0 192.168.10.2 1

route inside 192.168.101.0 255.255.255.0 192.168.10.2 1

route inside 192.168.102.0 255.255.255.0 192.168.10.2 1

route inside 192.168.103.0 255.255.255.0 192.168.10.2 1

route inside 192.168.106.0 255.255.255.0 192.168.10.2 1

route inside 192.168.6.0 255.255.255.0 192.168.10.2 1

route inside 192.168.3.0 255.255.255.0 192.168.10.2 1

route inside 192.168.2.0 255.255.255.0 192.168.10.2 1

timeout xlate 3:00:00

If you added the ACL exactly as it appears above, you would not need to specifically allow http and https, as the 2nd to last line allows all IP.

Tags: Cisco Security
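
One way to express the restriction asked about in this thread, as an added example that is not configuration posted by any participant. It uses the pre-8.3 syntax of the config above; the names PPTP_SERVERS and inside_access_in are assumptions, and global_policy / inspection_default are the ASA's default policy names, assumed to be unchanged on this device.

```text
! Constructed example. Server addresses and the LAN range come from the question;
! PPTP_SERVERS and inside_access_in are assumed names.
object-group network PPTP_SERVERS
 network-object host 88.88.88.88
 network-object host 89.89.89.89
!
! 1. Permit the PPTP control channel (TCP/1723) and the GRE data channel
!    (IP protocol 47) from the LAN to the approved servers only.
access-list inside_access_in extended permit tcp 192.168.0.0 255.255.0.0 object-group PPTP_SERVERS eq pptp
access-list inside_access_in extended permit gre 192.168.0.0 255.255.0.0 object-group PPTP_SERVERS
!
! 2. Deny and log PPTP and GRE to every other destination.
access-list inside_access_in extended deny tcp any any eq pptp log
access-list inside_access_in extended deny gre any any log
!
! 3. Once an ACL is bound to the inside interface, the implicit
!    "higher to lower security level" permit no longer applies, so all
!    other outbound traffic must be permitted explicitly before the
!    implicit deny at the end of the list.
access-list inside_access_in extended permit ip any any
!
! Bind the ACL to traffic entering the inside interface.
access-group inside_access_in in interface inside
!
! PPTP inspection is still required so GRE (protocol 47) can be translated
! through PAT; without it the 305006 error quoted in the question returns.
policy-map global_policy
 class inspection_default
  inspect pptp
!
! Check hit counts: the deny lines show attempts to reach unapproved servers.
show access-list inside_access_in
```

The order matters: the two permits for PPTP_SERVERS must precede the denies, and the denies must precede the final permit ip any any. This filters only the standard PPTP port and GRE; other tunnelling protocols need their own entries.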

Similar Questions

  • How to limit the number of connection to DB

    Hello

    I just go to the topic of connection pooling.
    Here, I would like to understand the number of details of connections that already exists in the database.

    Kindly guide me to know the following details.

    How to know the number of connections available in the database?
    How to limit the number of connections?

    V_$Resource_Limit contains details of the sessions. Is this even for connections?

    I have more clarification on the difference of connections and Sessions.

    Kindly tell me the above.

    Thank you
    Orahar.

    Orahar wrote:
    Hello

    I just go to the topic of connection pooling.
    Here, I would like to understand the number of details of connections that already exists in the database.

    Kindly guide me to know the following details.

    How to know the number of connections available in the database?

    The number of currently active sessions (db, internal sessions registered)

    SELECT COUNT(*)
    FROM v$session;

    How to limit the number of connections?

    To increase or decrease the maximum number of connections:

    for example: ALTER SYSTEM SET processes = 200 SCOPE = spfile;

    V_$Resource_Limit contains details of the sessions. Is this even for connections?

    I have more clarification on the difference of connections and Sessions.

    Connection means a user process is successfully connected to the listener to have a session on the running database instance. (The listener listens for new connection requests.)
    Establishing a session means a (dedicated) server process has begun to serve a user process. This happens once the user's credentials are authenticated successfully. From then on, the user process communicates with the server process directly.

    hope that helps.

    Kind regards
    X.

  • Satellite Pro U200 - how to activate the bluetooth connection

    How to activate the bluetooth connection?

    Hello

    First check to see if your computer supports BT
    If the laptop supports BT, then you should find a BT tag at the bottom of the unit.
    If there is no label then your machine was not equipped with internal BT module!

    If the laptop supports BT, then use the FN + F8 key to go to the BT
    Then BT should start installation and configuration.

    For more details, see this forum and this Toshiba BT Portal:
    http://APS2.toshiba-tro.de/Bluetooth/?page=FAQ

  • How to limit the length of the texts on iOS9?

    Hello

    I just worked on why I am required by my mobile / cell phone provider EA.  They charge any text as a picture message / SMS, it is longer than 120 characters?  Does anyone know how to limit the length of the texts / SMS so that it is impossible to send a more 120 characters or create an alert so that you are aware of the number of characters in the text / sms?

    Thank you very much

    Hello Turnus123,

    Thank you for using communities of Apple Support.

    I see that you have to pay for SMS longer than 120 characters.  To help identify messages that exceed this length, you can turn on a character count in the Messages settings.  Simply go to Settings > Messages and turn on "Character Count".

    Message settings

    Take care.

  • I have a new time capsule airport. How to limit the search for who can use the time capsule backup process?

    I have a new time capsule airport. How to limit the search for who can use the time capsule backup process?

    Set a password to disk... disk tab in the utility... and just give to those you want to use the TC...

  • How to limit the media sharing on my computer

    Original title: multimedia file sharing...

    How to limit the sharing on my computer, IE multimedia: music, images and other files from other computers on the network or cell phones that are capable of DLNA?

    Hello

     
    Please check the links given and see if they help.
  • How to limit the email receipt/downloaded size?

    I need information on how to limit the size of an email received or downloaded in Windows Mail to reduce the cost of satellite data email. I want to just send and receive, especially to receive emails with no graphics, and keep it small.

    Simply set up for this purpose a message rule: tools, Message rules, mail, new...
     
    Gary van, Microsoft MVP (Mail)

  • How to limit the number of printers can be installed on this computer by using Group Policy?

    How to limit the number of printers can be installed on this computer by using Group Policy?

    Hello

    Thanks for asking! If I understand correctly, you should limit the printers installed on the computer by using Group Policy. I suggest you follow the troubleshooting steps to check if this may help.

    The question you have posted is related to Technet and would be better suited to the Technet community. Please visit the link below to find a community that will provide the best support.
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • How to find the failed connection attempts at 'check' session is enabled

    How to find the unsuccessful connection attempt to dba_audit_trail when the "audit logon" is enabled.

    Filter your query against dba_audit_trail on action_name = 'LOGON' with returncode != 0 (returncode = 0 means that there were no errors, i.e. successful connection attempts)

  • I out of the CC to my previous laptop and I can not understand how to create the link connection in my new laptop

    I out of the CC to my previous laptop and I can not understand how to create the link connection in my new laptop

    Hi Steven,

    You have the CC of Adobe desktop application installed on your machine?

    In the case is not, please see the help below document to download the same:

    Creative cloud to desktop

    Kind regards

    Sheena

  • If I don't get creative cloud, how will limit the use of photoshop touch?

    If I don't get creative cloud, how will limit the use of photoshop touch?

    I don't think it will limit your work with PS Touch, but could enhance it a little.

    Just try to free membership of 2 GB and find out:

    https://creative.Adobe.com/plans

    Thank you!

  • How to limit the length of the EditText control?

    All,

    How to limit the length of an EditText to accept ONLY 3 characters.

    The editText.characters property defines a size by default, but the user can always type more than 3 characters in the field.

    I got it!!!

    var win = new Window("dialog", "Limit 3");
    var txtLimit3 = win.add("edittext");
    txtLimit3.characters = 5;
    
    txtLimit3.onChanging = function () {
        var howmany = txtLimit3.text;
        if (howmany.length > 3) {
            // Clear the field, then re-insert only the first 3 characters
            txtLimit3.text = "";
            txtLimit3.textselection = howmany.slice(0, 3);
        }
    };
    
    txtLimit3.active = true;
    win.show();
    
  • How to recover the sqlplus connection string?

    I would get connection string of the sql syntax, but cannot find how.

    Thank you for helping me!
    m.

    How to recover the sqlplus connection string?

    In SQL*Plus, type

    DEFINE _CONNECT_IDENTIFIER
    
  • How to customize the installation of 5.0 client

    Does anyone have a real document or for example on how to customize the installation MSI 5.0? Is it the same thing as 4.6 customizations? Same formats png? Because I don't see a vpnclient_en.msi in the default package.

    Thank you

    Dave

    The custom version of vpn client 5.0 Setup is the same since version 4.6. The vpn client package contains the "vpnclient_setup.msi" file that can be used for installation. The following link can help you

    http://www.Cisco.com/en/us/docs/security/vpn_client/cisco_vpn_client/vpn_client46/Administration/Guide/vcAch7.html

  • How to change the display language for vsphere client from the web?

    Hi all

    I would like to know how to change the display language for vsphere client from the web?

    help please, thank you!

    Take a look at http://blogs.vmware.com/vsphere/2012/10/the-vsphere-web-client-and-localization.html to see which languages are available and how to change the URL.

    André
