Cisco ASA - Restrict traffic to devices on the same VPN VLAN/subnet

Howdy,

I was wondering if it was possible on a Cisco ASA to restrict traffic between clients on the same VPN DHCP VLAN/subnet.

Example:
User 1 VPN’d to ASA - IP address = 192.168.1.99
User 2 VPN’d to ASA - IP address = 192.168.1.100

At present, I can ping 192.168.1.99 from user 2’s PC.

Is there a way to restrict all traffic on the VPN DHCP VLAN so that users VPN’ing onto the network cannot reach or route to other devices on the VPN DHCP VLAN/Subnet?

Thanks.

Create an access list to block all unwanted traffic and apply it to the VPN interface?

If it is AnyConnect, create a new group policy so you can apply an ACL as a VPN filter.

Group policy should do that; apply it to the AnyConnect profile.

Be careful. You might be blocking their VoIP/video conferencing services between them as well if you do this.

Which setting under Group Policy sorry? I cannot see one.

You need to create an access-list. If you want to do it in the GUI, do it under Access List Manager. Then apply that to your group policy.
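The ACL-plus-group-policy approach described in the replies, written out as an added ASA CLI example (not from anyone in this thread). It assumes the VPN pool is 192.168.1.0/24 (inferred from the .99 and .100 addresses above) and that the names VPN_CLIENT_FILTER, GP_ANYCONNECT and RA_VPN are placeholders for your own objects.

```cisco
! --- Added example: block client-to-client traffic inside the VPN pool ---
! Assumption: remote-access clients are assigned from 192.168.1.0/24.
! A vpn-filter ACL is evaluated bidirectionally per VPN session and ends
! with an implicit deny, so anything you do not permit explicitly is dropped.

! 1. Deny anything whose source AND destination are both in the VPN pool.
access-list VPN_CLIENT_FILTER extended deny ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0

! 2. Allow the clients to reach everything else (inside networks, Internet
!    via hairpin, etc.). Tighten this line to specific subnets if you want
!    the filter to act as a general per-user policy too.
access-list VPN_CLIENT_FILTER extended permit ip 192.168.1.0 255.255.255.0 any

! 3. Attach the ACL to the group policy used by the AnyConnect profile.
group-policy GP_ANYCONNECT attributes
 vpn-filter value VPN_CLIENT_FILTER

! 4. Make sure the connection profile (tunnel-group) actually uses that
!    group policy, otherwise the filter never applies.
tunnel-group RA_VPN general-attributes
 default-group-policy GP_ANYCONNECT

! Verification after a client reconnects:
!   show access-list VPN_CLIENT_FILTER      -> hit counts on the deny line
!   show vpn-sessiondb detail anyconnect    -> confirms "Filter Name" per session
```

As the earlier reply warns, the deny line also stops any legitimate client-to-client traffic (softphone media, screen sharing), so check the hit counts before rolling it out broadly.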