Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
0
Helpful
2
Replies

block source ip, sslvpn

adam.patt
Level 1
Level 1

‎11-05-2008 12:04 AM

hello

i would like to block certain legal ip address that would no be able to open the portal or connect to the sslvpn

i was unable to implement this with an acl

thank you

in advanced

Labels:
0 Helpful
2 Replies 2

irisrios
Level 6
Level 6

‎11-11-2008 12:10 PM

Before configuring the ACL rules, you must have first configured the time range using the time-range command.

There's a way to block SSL access to a specific source address, that's with a rule on the filter applied to the outside interface. Go to:

Configuration | Policy Management | Traffic Management | Rules

Add a rule and name it.

Direction: Inbound.

Action: Drop

Protocol: TCP

TCP Connection: Don't Care

Source Address: The IP address you want to restrict

Destination Address: The outside of the Concentrator

TCP/UDP Source Port: Leave the range as it is. (Random)

TCP/UDP Destination Port: HTTPS (443)

Apply.

Now go to:

Configuration | Policy Management | Traffic Management | Filters

And select the one you have applied on the public interface. Assign rules to filter and add from the available rules, the one you just created, to the Current Rules in Filter, move it up so it takes precedence and that way this source IP address will not be able to connect.

0 Helpful

adam.patt
Level 1
Level 1
In response to irisrios

‎11-11-2008 02:15 PM

i think i may have left an important piece of information I'm using an asa 5510 as the sslvpn concentrator

0 Helpful
Customers Also Viewed These Support Documents