
SSL VPN client ACL on 3005 Concentrator

DJCanuck1_2
Level 1

I am trying to filter certain public IP addresses which I want to allow to have SSL VPN connections via WebVPN. For instance I want only public IP X.X.X.X to be able to create a SSL VPN Connection to my 3005 Concentrator. Is this possible? I have played around with the Rules and Filters and have got the SSH filter working for a specific address, but not for WebVPN. Would it be better to use the stand alone SSL VPN client, disable WebVPN and try to filter that way?

3 Replies

puagarwa
Level 1

The way you have worked out for filtering SSH connections, in a similar way just add rules in the Public(Default) filter for allowing specific IP addresses to be able to establish an HTTPS session and then deny any.

Have tested here in my lab and it works fine.

To answer your second part, an SSL VPN Client connection can only be established after logging in successfully via the WebVPN page.

I have tried this, but when I set the Concentrator to filter HTTPS traffic, it doesn't work. Is there a specific way you need to set this up? Do you mind telling me how you configured the concentrator?

Go to Configuration | Policy Management | Traffic Management | Rules

Create a rule for allowing specific IPs for HTTPS.

Then create another rule for dropping the rest of the HTTPS connections.

Then go to Configuration | Policy Management | Traffic Management | Filters

Highlight Public(Default) and click on Assign Rules, assign the rule for allowing IPs first and then below it assign the drop rule.
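
The rule ordering described in the reply above, modelled as an added example (not part of the original thread and not Concentrator configuration syntax). It assumes the filter applies the first matching rule and falls back to a filter-wide default action; the rule names, the `Rule` fields and the addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str             # hypothetical rule label
    action: str           # "forward" or "drop"
    source: str           # source network in CIDR form
    protocol: str = "tcp"
    dest_port: int = 443  # HTTPS, used by WebVPN

def evaluate(rules, src_ip, protocol, dest_port, default="forward"):
    """Return (action, rule name) for the first rule that matches.

    Assumption: first match wins, and unmatched traffic gets `default`.
    """
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if (rule.protocol == protocol and rule.dest_port == dest_port
                and addr in ipaddress.ip_network(rule.source)):
            return rule.action, rule.name
    return default, "(filter default)"

# Constructed values: documentation address ranges, not real peers.
ALLOW = Rule("HTTPS In (allowed peer)", "forward", "203.0.113.10/32")
DROP = Rule("HTTPS In (drop rest)", "drop", "0.0.0.0/0")

def audit(rules, allowed_ip, other_ip, default="forward"):
    """List the ways an ordered rule set misses the intended policy."""
    problems = []
    action, hit = evaluate(rules, allowed_ip, "tcp", 443, default)
    if action != "forward":
        problems.append(f"allowed peer {allowed_ip} hit '{hit}' -> {action}")
    action, hit = evaluate(rules, other_ip, "tcp", 443, default)
    if action != "drop":
        problems.append(f"other source {other_ip} hit '{hit}' -> {action}")
    return problems

if __name__ == "__main__":
    for label, rules in (("allow above drop", [ALLOW, DROP]),
                         ("drop above allow", [DROP, ALLOW]),
                         ("allow only", [ALLOW])):
        print(label, "->", audit(rules, "203.0.113.10", "198.51.100.7") or "OK")
```

With the drop rule placed above the allow rule, the permitted address is blocked as well, and with only the allow rule assigned, other sources still pass if the filter's default action forwards.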
