08-21-2006 03:39 PM
I am trying to filter certain public IP addresses which I want to allow to have SSL VPN connections via WebVPN. For instance I want only public IP X.X.X.X to be able to create a SSL VPN Connection to my 3005 Concentrator. Is this possible? I have played around with the Rules and Filters and have got the SSH filter working for a specific address, but not for WebVPN. Would it be better to use the stand alone SSL VPN client, disable WebVPN and try to filter that way?
08-23-2006 03:23 PM
The wat you have worked out for filtering SSH connections, in a similar way just add rules in the Public(Default) filter for allowing specific IP addresses to be able to establish https session and then deny any.
Have tested here in my lab and it works fine.
To answer your second part SSL VPN Client connection can only be established after logging sucessfully via the WebVPN page.
08-28-2006 10:18 AM
I have tried this, but when I set the Concentrator to filter HTTPS traffic, it doesn't work. Is there a specific way you need to set thisup? Do you mind telling me how you configured the concentrator?
08-28-2006 12:15 PM
go to Configuration | Policy Management | Traffic Management | Rules
Create a rule for allowing specific IP's for HTTPS.
Then create another rule for cropping the rest of the HTTPS connections.
Then goto Configuration | Policy Management | Traffic Management | Filters
Highlight Public(Default) and lcick on Assign Rules, assign the rule for allowing IP's first and then below it assign the drop rule.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide