11-05-2008 12:04 AM
Hello,
I would like to block certain legal IP addresses so that they would not be able to open the portal or connect to the SSL VPN.
I was unable to implement this with an ACL.
Thank you in advance.
11-11-2008 12:10 PM
Before configuring the ACL rules, you must have first configured the time range using the time-range command.
There's a way to block SSL access to a specific source address, that's with a rule on the filter applied to the outside interface. Go to:
Configuration | Policy Management | Traffic Management | Rules
Add a rule and name it.
Direction: Inbound.
Action: Drop
Protocol: TCP
TCP Connection: Don't Care
Source Address: The IP address you want to restrict
Destination Address: The outside of the Concentrator
TCP/UDP Source Port: Leave the range as it is. (Random)
TCP/UDP Destination Port: HTTPS (443)
Apply.
Now go to:
Configuration | Policy Management | Traffic Management | Filters
And select the one you have applied on the public interface. Assign rules to the filter and add the one you just created from the available rules to the Current Rules in Filter. Move it up so it takes precedence; that way this source IP address will not be able to connect.
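The ordering step in the reply above, as an added example that is not part of the original post and is not Cisco code: a small model of a filter whose rules are checked top to bottom with the first match deciding, which is the behaviour "move it up so it takes precedence" implies. The rule names, the addresses (documentation ranges), the pre-existing allow rule and the default-drop fallback are all assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "drop" or "forward"
    protocol: str             # "tcp", "udp" or "any"
    source: str               # CIDR; "0.0.0.0/0" matches any source
    dest_port: Optional[int]  # None matches any destination port

def matches(rule, proto, src, dport):
    """True if an inbound packet (protocol, source IP, destination port) hits the rule."""
    return (rule.protocol in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.source)
            and rule.dest_port in (None, dport))

def evaluate(rules, proto, src, dport, default="drop"):
    """First-match evaluation: return (action, name) of the first matching rule."""
    for rule in rules:
        if matches(rule, proto, src, dport):
            return rule.action, rule.name
    return default, "default"   # assumed fallback when nothing matches

def shadowed_by(rules, index):
    """Name of an earlier rule that covers everything rules[index] matches, else None."""
    target = rules[index]
    target_net = ipaddress.ip_network(target.source)
    for earlier in rules[:index]:
        if (earlier.protocol in ("any", target.protocol)
                and target_net.subnet_of(ipaddress.ip_network(earlier.source))
                and earlier.dest_port in (None, target.dest_port)):
            return earlier.name
    return None

# Constructed sample data (hypothetical rule names, documentation addresses).
BLOCKED = "203.0.113.45"
block_rule = Rule("Block-SSL-Source", "drop", "tcp", BLOCKED + "/32", 443)
https_in = Rule("HTTPS-In", "forward", "tcp", "0.0.0.0/0", 443)

appended = [https_in, block_rule]   # new rule left at the bottom of the filter
moved_up = [block_rule, https_in]   # new rule moved above the general allow

if __name__ == "__main__":
    for label, rules in (("appended", appended), ("moved up", moved_up)):
        print(label, "->", evaluate(rules, "tcp", BLOCKED, 443),
              "| shadowed by:", shadowed_by(rules, rules.index(block_rule)))
```

Running `shadowed_by` over a filter after adding a drop rule is a quick check that the rule can actually fire before relying on it.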
11-11-2008 02:15 PM
I think I may have left out an important piece of information: I'm using an ASA 5510 as the SSL VPN concentrator.