Cisco Support Community
New Member

SSL VPN client ACL on 3005 Concentrator

I am trying to filter certain public IP addresses which I want to allow to have SSL VPN connections via WebVPN. For instance, I want only public IP X.X.X.X to be able to create an SSL VPN connection to my 3005 Concentrator. Is this possible? I have played around with the Rules and Filters and have got the SSH filter working for a specific address, but not for WebVPN. Would it be better to use the standalone SSL VPN client, disable WebVPN and try to filter that way?

3 REPLIES
New Member

Re: SSL VPN client ACL on 3005 Concentrator

The way you have worked out for filtering SSH connections, in a similar way just add rules in the Public(Default) filter for allowing specific IP addresses to be able to establish an https session and then deny any.

Have tested here in my lab and it works fine.

To answer your second part, SSL VPN Client connection can only be established after logging in successfully via the WebVPN page.

New Member

Re: SSL VPN client ACL on 3005 Concentrator

I have tried this, but when I set the Concentrator to filter HTTPS traffic, it doesn't work. Is there a specific way you need to set this up? Do you mind telling me how you configured the concentrator?

New Member

Re: SSL VPN client ACL on 3005 Concentrator

Go to Configuration | Policy Management | Traffic Management | Rules

Create a rule for allowing specific IPs for HTTPS.

Then create another rule for dropping the rest of the HTTPS connections.

Then go to Configuration | Policy Management | Traffic Management | Filters

Highlight Public(Default) and click on Assign Rules, assign the rule for allowing IPs first and then below it assign the drop rule.
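The rule ordering described in the reply above, modelled as an added example that is not part of the original thread or Cisco's own code: a small Python check of an ordered filter, assuming rules are evaluated top to bottom with the first match deciding. The rule names, the `audit` helper and the documentation-range addresses are hypothetical and constructed for illustration; 198.51.100.10 stands in for X.X.X.X.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "forward" or "drop"
    source: str               # CIDR the packet's source address must fall in
    protocol: str             # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None matches any destination port

    def matches(self, src_ip, protocol, dst_port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
                and self.protocol in ("any", protocol)
                and self.dst_port in (None, dst_port))

def evaluate(rules, src_ip, protocol, dst_port, default="drop"):
    """Assumed first-match semantics: the first matching rule, top to bottom, decides."""
    for rule in rules:
        if rule.matches(src_ip, protocol, dst_port):
            return rule.action, rule.name
    return default, "filter default"

# Hypothetical rule names and constructed addresses.
ALLOW_PEER = Rule("allow-https-peer", "forward", "198.51.100.10/32", "tcp", 443)
DROP_REST = Rule("drop-https-rest", "drop", "0.0.0.0/0", "tcp", 443)
OLD_PERMIT = Rule("existing-https-permit-any", "forward", "0.0.0.0/0", "tcp", 443)

CORRECT_ORDER = [ALLOW_PEER, DROP_REST]
WRONG_ORDER = [DROP_REST, ALLOW_PEER]               # drop rule shadows the allow rule
SHADOWED = [OLD_PERMIT, ALLOW_PEER, DROP_REST]      # older permit-any left above both

def audit(rules, allowed_ip, other_ip):
    """Return findings if anything other than allowed_ip can reach TCP/443."""
    findings = []
    if evaluate(rules, allowed_ip, "tcp", 443)[0] != "forward":
        findings.append(f"{allowed_ip} cannot reach HTTPS")
    action, name = evaluate(rules, other_ip, "tcp", 443)
    if action != "drop":
        findings.append(f"{other_ip} can reach HTTPS via {name}")
    return findings

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT_ORDER), ("wrong order", WRONG_ORDER),
                         ("shadowed", SHADOWED)):
        print(f"{label}: {audit(rules, '198.51.100.10', '203.0.113.77') or 'ok'}")
```

The same two-address test (one allowed source, one arbitrary source) is worth running against the real device after assigning the rules, since a broader permit rule already assigned higher in the filter would defeat the restriction.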
