
deny access to file sharing in VPN


vedatshabani (IS-IT--Management), Apr 24, 2007
Hi. I have created a VPN between two Cisco 1700 routers. Everything works fine, but what I want now is to deny access to the files that are shared on the network to both sides of the VPN. How can I deny this access, so that the PCs on the other side can't see my shared files? I want to apply this deny in the configuration of the routers. I hope I have described my problem clearly...
 
Please be more specific: include the IP addresses that you want to allow and deny as well. Also include the private IP range that is assigned to the client connecting to the VPN.

Burt
 
My VPN is configured like below:

crypto map VPN 3 ipsec-isakmp
...
match address VPN-3

ip access-list extended VPN-3
permit tcp host 10.0.0.197 host 192.168.53.204
permit tcp host 10.0.0.100 host 192.168.53.204
permit tcp host 10.0.0.128 host 192.168.53.204

My inside interface has these access-groups:

interface FastEthernet0
ip address 10.0.0.254 255.255.255.0
ip access-group F0-IN in
ip access-group F0-OUT out


I want to use the VPN just for connecting from my network 10.0.0.0 to the FTP server at IP address 192.168.53.204.
And I want to deny every connection attempt from 192.168.53.204 whose destination is my network 10.0.0.0.

I tried to add some ACL entries to F0-OUT like:

Extended IP access list F0-OUT
permit tcp host 192.168.53.204 eq ftp any log
permit tcp host 192.168.53.204 eq ftp-data any
deny ip host 192.168.53.204 10.0.0.0 0.0.0.255 log

But these ACL entries also deny some ports of the FTP server when it uses ports other than 20 and 21 to transfer data in FTP.
Do you have any idea how I can solve this issue?
 
Your problem is that at the end of an ACL there is an implicit deny statement, so if a packet doesn't match any of your ACL entries it will be denied.

So you're going to have to think your rules through and know exactly what you wish to permit and deny. Then you can go about putting those rules into the ACL and decide the best interface to apply them to.
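To make the implicit-deny point concrete, here is an added example (not code from the thread or from Cisco) that models how IOS evaluates an extended ACL: first matching entry wins, a wildcard mask marks the bits that are ignored, and an ACL that runs out of entries denies the packet. It runs the poster's F0-OUT entries and a corrected version against constructed packets for the FTP control channel, an active-mode data connection from port 20, a passive-mode data connection from a high port, and an SMB attempt from the FTP server. The addresses are the ones in the thread; the port numbers of the data connections and the "established" rewrite are assumptions for the demonstration.

```python
# Added example, not from the Tek-Tips thread: a small model of Cisco IOS
# extended-ACL evaluation, used to show why the poster's outbound ACL drops
# passive-mode FTP data traffic and how the "established" keyword fixes it.
import ipaddress
from dataclasses import dataclass
from typing import Optional

# IOS port keywords used in the ACLs below (well-known values).
PORT_NAMES = {"ftp": 21, "ftp-data": 20, "smb": 445}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    ack_or_rst: bool = False   # IOS "established" matches TCP segments with ACK or RST set


@dataclass
class Rule:
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches every protocol
    src: ipaddress.IPv4Network
    sport: Optional[int]
    dst: ipaddress.IPv4Network
    dport: Optional[int]
    established: bool
    text: str


def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD', then an optional 'eq PORT'."""
    tok = tokens.pop(0)
    if tok == "any":
        net = ipaddress.IPv4Network("0.0.0.0/0")
    elif tok == "host":
        net = ipaddress.IPv4Network(tokens.pop(0) + "/32")
    else:
        # IOS wildcard: 0 bits must match, 1 bits are ignored (a host mask).
        net = ipaddress.IPv4Network(f"{tok}/{tokens.pop(0)}", strict=False)
    port = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        port = PORT_NAMES.get(name) or int(name)
    return net, port


def parse_acl(config: str):
    """Parse 'permit|deny PROTO SRC [eq P] DST [eq P] [established] [log]' lines."""
    rules = []
    for line in config.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        tokens = line.split()
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src, sport = _addr(rest)
        dst, dport = _addr(rest)
        rules.append(Rule(action, proto, src, sport, dst, dport, "established" in rest, line))
    return rules


def evaluate(rules, pkt):
    """First matching entry wins; no match at all is the implicit deny."""
    src, dst = ipaddress.IPv4Address(pkt.src), ipaddress.IPv4Address(pkt.dst)
    for r in rules:
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if src not in r.src or dst not in r.dst:
            continue
        if r.sport is not None and pkt.sport != r.sport:
            continue
        if r.dport is not None and pkt.dport != r.dport:
            continue
        if r.established and not (pkt.proto == "tcp" and pkt.ack_or_rst):
            continue
        return r.action, r.text
    return "deny", "implicit deny"


# The poster's entries, applied outbound on FastEthernet0 (toward the LAN).
ORIGINAL = parse_acl("""
permit tcp host 192.168.53.204 eq ftp any log
permit tcp host 192.168.53.204 eq ftp-data any
deny ip host 192.168.53.204 10.0.0.0 0.0.0.255 log
""")

# Assumed fix: permit replies to TCP sessions the LAN opened (ACK/RST set), permit
# active-mode data connections the server opens from port 20, deny anything else
# the FTP server originates toward the LAN. Entries for non-VPN traffic are omitted.
FIXED = parse_acl("""
permit tcp host 192.168.53.204 10.0.0.0 0.0.0.255 established
permit tcp host 192.168.53.204 eq ftp-data 10.0.0.0 0.0.0.255
deny ip host 192.168.53.204 10.0.0.0 0.0.0.255 log
""")

# Constructed packets leaving the router toward the LAN (ports are assumptions).
CONTROL_REPLY = Packet("192.168.53.204", "10.0.0.197", "tcp", 21, 1049, ack_or_rst=True)
ACTIVE_DATA = Packet("192.168.53.204", "10.0.0.197", "tcp", 20, 1050)                  # SYN from server
PASSIVE_DATA = Packet("192.168.53.204", "10.0.0.197", "tcp", 49152, 1051, ack_or_rst=True)  # reply to client's SYN
SMB_FROM_FTP = Packet("192.168.53.204", "10.0.0.100", "tcp", 33000, 445)               # server probes a share
SMB_FROM_OTHER = Packet("192.168.53.10", "10.0.0.100", "tcp", 33001, 445)

if __name__ == "__main__":
    for name, pkt in [("control reply", CONTROL_REPLY), ("active data", ACTIVE_DATA),
                      ("passive data", PASSIVE_DATA), ("smb from ftp", SMB_FROM_FTP),
                      ("smb from other host", SMB_FROM_OTHER)]:
        print(f"{name:20} original={evaluate(ORIGINAL, pkt)[0]:6} fixed={evaluate(FIXED, pkt)[0]}")
```

The passive-mode data segment comes from a high port, so neither "eq ftp" nor "eq ftp-data" matches it and the deny entry catches it; the corrected list lets it through because the client's SYN came first and the server's segments carry ACK. Two caveats: `established` only inspects TCP flag bits, so a remote host can still send ACK-flagged packets that pass (they cannot complete a handshake, but it is not stateful filtering); if the router runs an IOS image with the firewall feature set, `ip inspect` for FTP tracks the control channel and opens the data ports dynamically, which is the cleaner fix (assuming that feature is licensed on the 1700). Also note that the crypto ACL VPN-3 only selects TCP from three LAN hosts to the FTP server, so the mirror-image crypto ACL on the far router already limits what enters the tunnel; what remains to block is connections the FTP server itself originates toward those hosts, which is what the deny entry does.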
 
