cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

363
Views
0
Helpful
6
Replies
Highlighted
Beginner

Possible to use geo location to block access to remote access VPN?

I tried to create a ACL which was configured as source zone and destination zone both outside with a source IP as my public IP action deny, but once applied, I can still access the VPN signin page. Is there a way to block access to remote VPN from specific IPs?

 

Thank you!

6 REPLIES 6
Highlighted
VIP Mentor

Re: Possible to use geo location to block access to remote access VPN?

if this firepower Geo based ACL possible, if this ASA ( i am afraid as far as i concernt it available on ASA code)

 

BB
*** Rate All Helpful Responses ***
Highlighted
Beginner

Re: Possible to use geo location to block access to remote access VPN?

Yes, it's a FTD firewall managed by FMC running the latest 6.5 code. I'm trying to research and perhaps it needs to be a control panel access control instead of the typical ACL rule? Not sure how or if a control panel ACL can be configured with FMC/FTD?

Highlighted
Collaborator

Re: Possible to use geo location to block access to remote access VPN?

Hi,

 

    Use flexconfig to deploy a control-plane AC; if it doesn't work, open a TAC case and mention this bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn78593/?rfs=iqvred

 

Regards,

Cristian Matei.

Highlighted
VIP Mentor

Re: Possible to use geo location to block access to remote access VPN?

Highlighted
Beginner

Re: Possible to use geo location to block access to remote access VPN?

I'm using geo ACL rules else where and it works fine. I just can't restrict access to VPN landing page which is hosted from the firewall outside interface.

Highlighted
VIP Mentor

Re: Possible to use geo location to block access to remote access VPN?

Try @Cristian Matei  suggested flexconfig, if that is feasible for you.

 

BB
*** Rate All Helpful Responses ***