Howdy,
I was wondering if it was possible on a Cisco ASA to restrict traffic between clients on the same VPN DHCP VLAN/subnet.
Example:
User 1 VPN’d to ASA - IP address = 192.168.1.99
User 2 VPN’d to ASA - IP address = 192.168.1.100
At present, I can ping 192.168.1.99 from user 2’s PC.
Is there a way to restrict all traffic on the VPN DHCP VLAN so that users VPN’ing onto the network cannot reach or route to other devices on the VPN DHCP VLAN/Subnet?
Thanks.
Create an access list to block all unwanted traffic and apply it to the VPN interface ?
If it is anyconnect, create a new group policy so you can apply an acl as a vpn filter.
Group policy should do that and apply it to the anyconnect profile
Be careful. You might be blocking their voip/video conferencing services between them as well if you do this.
Which setting under Group Policy sorry? I cannot see one.
You need to create an access-list if you want to do it in the GUI do it under access-list manager. Then apply that to your group policy