Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7213
Views
5
Helpful
7
Replies

Possible to use geo location to block access to remote access VPN?

Jack G
Level 1
Level 1

‎03-06-2020 08:57 AM

I tried to create a ACL which was configured as source zone and destination zone both outside with a source IP as my public IP action deny, but once applied, I can still access the VPN signin page. Is there a way to block access to remote VPN from specific IPs?

 

Thank you!

2 people had this problem
0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎03-06-2020 09:04 AM

if this firepower Geo based ACL possible, if this ASA ( i am afraid as far as i concernt it available on ASA code)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Jack G
Level 1
Level 1
In response to balaji.bandi

‎03-06-2020 09:09 AM

Yes, it's a FTD firewall managed by FMC running the latest 6.5 code. I'm trying to research and perhaps it needs to be a control panel access control instead of the typical ACL rule? Not sure how or if a control panel ACL can be configured with FMC/FTD?

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Jack G

‎03-06-2020 09:22 AM

Hi,

 

    Use flexconfig to deploy a control-plane AC; if it doesn't work, open a TAC case and mention this bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn78593/?rfs=iqvred

 

Regards,

Cristian Matei.

kostasthedelegate
Level 4
Level 4
In response to Cristian Matei

‎11-18-2020 01:43 AM

Hello, 

 

Could you give us some hint how the flexconfig configuration should be?

 

Regards, 

Konstantinos

0 Helpful

Jack G
Level 1
Level 1
In response to balaji.bandi

‎03-06-2020 09:36 AM

I'm using geo ACL rules else where and it works fine. I just can't restrict access to VPN landing page which is hosted from the firewall outside interface.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Jack G

‎03-06-2020 09:40 AM

Try @Cristian Matei  suggested flexconfig, if that is feasible for you.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card