01-23-2017 11:55 AM - edited 03-12-2019 01:49 AM
Hi guys, hope someone can point me in the right direction...
I have a Cisco 2800 acting as a VPN concentrator for numerous (approx. 50) IPsec VPN tunnels into HQ. I've been asked to block/deny traffic on certain ports due to a recent breach. All traffic on 3389 and 445 needs to be denied completely, and the same on port 22 also.
Is it possible to set up an ACL on the concentrator that would apply to all tunnels rather than logging into each remote device? I was looking at the Global command but wasn't sure whether that would work.
Thanks in advance for your help.
01-23-2017 12:08 PM
Hi,
One of the options would be applying the ACL on the LAN/inside interface of the concentrator.
Cheers.
01-23-2017 12:54 PM
Many thanks Leo, I'll give this a go
01-24-2017 06:29 AM
Hi,
Good to know.
If you think it is a good solution, you can mark this thread as answered question.
Cheers.
01-25-2017 07:16 AM
Would you know whether this needs to be configured within the actual interface or just as an ACL?
01-25-2017 08:42 AM
Hi, just as an ACL, with "ip access-group ACL1 in" and "ip access-group ACL2 out" on the LAN interface.
Cheers.
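Worked example of the approach in the reply above: an extended ACL that denies TCP/UDP 3389, 445 and 22 in both directions, applied to the hub's LAN interface so it covers every tunnel at once. This is an added illustration, not config from the original thread; the ACL name and the interface name GigabitEthernet0/0 are assumptions, and the remaining "permit ip any any" assumes there is no other filtering you need to preserve on that interface.

```cisco
! Added example (not from the thread). Names and interface are assumptions.
! One ACL serves both directions: applied "in" on the LAN interface it stops
! HQ hosts initiating to 3389/445/22 at the remote sites; applied "out" it
! stops remote sites initiating to HQ servers on those ports. Return traffic
! carries the blocked number as the *source* port, so "eq <port>" on the
! destination only ever matches the initial connection attempt.
ip access-list extended BLOCK-BREACH-PORTS
 remark --- RDP (TCP, plus the UDP transport newer clients negotiate) ---
 deny   tcp any any eq 3389 log
 deny   udp any any eq 3389 log
 remark --- SMB ---
 deny   tcp any any eq 445 log
 deny   udp any any eq 445 log
 remark --- SSH ---
 deny   tcp any any eq 22 log
 remark --- everything else as before ---
 permit ip any any
!
interface GigabitEthernet0/0
 description HQ LAN (assumed interface name)
 ip access-group BLOCK-BREACH-PORTS in
 ip access-group BLOCK-BREACH-PORTS out
!
! Verify: hit counters should climb on the deny lines, and "log" entries
! give you source/destination pairs to feed back into the breach investigation.
!   show ip access-lists BLOCK-BREACH-PORTS
!   show logging | include BLOCK-BREACH-PORTS
```

Two caveats worth checking before relying on this. First, the "log" keyword sends ACL hits to the route processor, so on a 2800 with 50 sites it should be removed from the deny lines once you have the evidence you need. Second, an ACL on the hub's LAN interface only sees traffic between HQ and the remote sites; if spoke-to-spoke traffic is hairpinned through the concentrator it arrives and leaves on the WAN/tunnel side and never crosses the LAN interface, so that path needs its own ACL or a matching rule on the remote routers.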