Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1513
Views
0
Helpful
3
Replies

AnyConnect Block remote IP Address on FMC

Go to solution
Ralf Wieseke
Level 1
Level 1

‎06-07-2021 04:41 AM

Hello Community,

Is it possible to block or blacklist an IP address for using client VPN on an FTD using FMC?

 

I can see the connections via packet tracer but i did not see them in the connection events.

 

I tried to configure a prefilter rule and a global blacklist for that IP with no effect.

 

Any ideas?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎06-07-2021 05:34 AM

@Ralf Wieseke 

A pre-filter or ACP rule is for traffic "through" the FTD, not "to" the FTD for VPNs. You'll need to use a control plane ACL inbound on the outside interface, this can currently only be done using Flexconfig.

 

Here is an example:-

https://community.cisco.com/t5/network-security/block-access-to-remote-access-vpn-by-ip-address/td-p/4406832

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-07-2021 05:01 AM

Just thogutht why not create an access policy outside interface to block those IP address (which is known) connect to outside IP address.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎06-07-2021 05:34 AM

@Ralf Wieseke 

A pre-filter or ACP rule is for traffic "through" the FTD, not "to" the FTD for VPNs. You'll need to use a control plane ACL inbound on the outside interface, this can currently only be done using Flexconfig.

 

Here is an example:-

https://community.cisco.com/t5/network-security/block-access-to-remote-access-vpn-by-ip-address/td-p/4406832

 

0 Helpful

Go to solution
Ralf Wieseke
Level 1
Level 1
In response to Rob Ingram

‎06-07-2021 06:33 AM

Hi Rob,

This is exactly what i have been looking for.

Thank you.

0 Helpful
Customers Also Viewed These Support Documents