
ACLs on VPN Concentrator

BHconsultants88
Level 1

Hi guys, hope someone can point me in the right direction...

I have a Cisco 2800 acting as a VPN concentrator for numerous (approx 50) IPSEC VPN tunnels into HQ. I've been asked to block/deny traffic on certain ports due to a recent breach. All traffic on 3389 and 445 needs to be denied completely and the same on port 22 also.

Is it possible to set up an ACL on the concentrator that would apply to all tunnels rather than logging into each remote device? I was looking at the Global command but wasn't sure whether that would work.

Thanks in advance for your help.

5 Replies

Leonardo Gama
Level 1

Hi,

One of the options would be applying the ACL on the LAN/inside interface of the concentrator.

Cheers.

Many thanks Leo, I'll give this a go

Hi,

Good to know.

If you think it is a good solution, you can mark this thread as an answered question.

Cheers.

Would you know whether this needs to be configured within the actual interface or just as an ACL?

Hi, just as an ACL with "ip access-group ACL1 in" and "ip access-group ACL2 out" in the LAN interface.

Cheers.
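
The approach suggested in the replies above, written out as an added example (not posted by any participant in the thread). The ACL names ACL1 and ACL2 come from the reply; the interface name GigabitEthernet0/1 and the choice of TCP for all three ports are assumptions.

```cisco
! Added example. Assumptions: the LAN/inside interface is GigabitEthernet0/1
! and the ports to block are TCP. ACL1/ACL2 are the names used in the reply.
! These ACLs filter everything crossing the LAN interface, not only tunnel traffic.
!
! ACL1 (applied "in"): LAN hosts -> remote sites through the tunnels
ip access-list extended ACL1
 deny   tcp any any eq 3389 log
 deny   tcp any any eq 445 log
 deny   tcp any any eq 22 log
 permit ip any any
!
! ACL2 (applied "out"): decrypted tunnel traffic -> LAN hosts
ip access-list extended ACL2
 deny   tcp any any eq 3389 log
 deny   tcp any any eq 445 log
 deny   tcp any any eq 22 log
 permit ip any any
!
interface GigabitEthernet0/1
 ip access-group ACL1 in
 ip access-group ACL2 out
!
! Verification from exec mode: the per-entry match counters should rise
! when blocked traffic is attempted, and both ACLs should show as applied.
!   show ip access-lists ACL1
!   show ip access-lists ACL2
!   show ip interface GigabitEthernet0/1 | include access list
```

The closing `permit ip any any` is required because every IOS ACL ends in an implicit deny. An inbound ACL also filters traffic addressed to the router itself, so the port 22 entry in ACL1 blocks SSH management of the 2800 arriving on that interface.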
