block source ip, sslvpn

Unanswered Question
Nov 5th, 2008


I would like to block certain legal IP addresses so that they would not be able to open the portal or connect to the sslvpn.

I was unable to implement this with an ACL.

Thank you in advance.

irisrios Tue, 11/11/2008 - 12:10

Before configuring the ACL rules, you must have first configured the time range using the time-range command.

There's a way to block SSL access to a specific source address, that's with a rule on the filter applied to the outside interface. Go to:

Configuration | Policy Management | Traffic Management | Rules

Add a rule and name it.

Direction: Inbound.

Action: Drop

Protocol: TCP

TCP Connection: Don't Care

Source Address: The IP address you want to restrict

Destination Address: The outside of the Concentrator

TCP/UDP Source Port: Leave the range as it is. (Random)

TCP/UDP Destination Port: HTTPS (443)


Now go to:

Configuration | Policy Management | Traffic Management | Filters

And select the one you have applied on the public interface. Assign rules to filter and add from the available rules, the one you just created, to the Current Rules in Filter, move it up so it takes precedence and that way this source IP address will not be able to connect.
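
Why the reply above says to move the new rule up, shown as an added example that is not part of the original thread and not vendor code: a small Python model of an ordered filter. It assumes top-down, first-match evaluation with a default action; the rule names and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str          # hypothetical rule name
    action: str        # "drop" or "forward"
    source: str        # source network in CIDR form
    destination: str   # destination network in CIDR form
    dest_port: int     # TCP destination port

    def matches(self, src, dst, dport):
        return (ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.destination)
                and dport == self.dest_port)


def evaluate(rules, src, dst, dport, default="drop"):
    """Return (action, rule name) of the first matching rule, top down."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action, rule.name
    return default, "default action"


# Constructed sample values (documentation address ranges).
CONCENTRATOR = "198.51.100.1"   # outside address of the concentrator
BLOCKED = "203.0.113.10"        # source to be refused
OTHER = "203.0.113.77"          # any other client

allow_https = Rule("allow-https", "forward", "0.0.0.0/0", CONCENTRATOR + "/32", 443)
block_src = Rule("block-src", "drop", BLOCKED + "/32", CONCENTRATOR + "/32", 443)

appended = [allow_https, block_src]   # new rule left at the bottom of the filter
moved_up = [block_src, allow_https]   # new rule moved to the top


def report():
    """Decision for each source under both orderings."""
    rows = []
    for label, rules in (("appended", appended), ("moved up", moved_up)):
        for src in (BLOCKED, OTHER):
            rows.append((label, src) + evaluate(rules, src, CONCENTRATOR, 443))
    return rows


if __name__ == "__main__":
    for row in report():
        print("%-9s %-13s -> %-7s (%s)" % row)
```

With the drop rule left below a broader HTTPS forward rule, the blocked source still matches the forward rule first; only the reordered filter refuses it while other clients keep access.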

adam.patt Tue, 11/11/2008 - 14:15

I think I may have left out an important piece of information: I'm using an ASA 5510 as the sslvpn concentrator.

