2 IPs, only want to allow SSL VPN on one

Question

Hi all, 
 I’m gradually learning and getting my head around XG and have now got a system setup at home to learn with. 
 I’ve got SSL VPN set up and working, but as far as I can see there is no rule as such which controls which IP it can come in on. 
 So current home setup is 
 FTTP via PPPOE with 2 IP addresses 
 Can I control somewhere which IP it should listen on ONLY or should I be making a block rule on the second IP? 
 Any advice?

FormerMember · Accepted Answer

Hi Ben Gillam1, 
 Step 1. Override the host name with the WAN IP address that you desire to use with SSL Remote VPN. 
 
 Step 2. Create Local Service ACL Exception to allow SSL VPN service on desired WAN IP address. 
 
 Step 3. Remove SSL VPN from WAN zone. 
 
 Note: When you update SSL VPN settings or change SSL Remote VPN policy, users have to re-download SSL VPN configuration from the UserPortal. 
 Thanks,

lferrara · Answer

Ben, 
 you can use a Local ACL to publish your SSLVPN on a single IP instead of WAN zone. Go under Administration menu > Device Access > Create local ACL. Make sure you disable the sslvpn under the WAN zone. 
 Under the VPN menu > Show vpn settings > SSLVPN > override hostname put the dns name or the ip where the VPN service is published to. 
 Regards