This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Prevent access to SSL VPN

Hi,

Is it possible to restrict SSL VPN Access to specific public IP address? I want to prevent that everyone can setup a SSL VPN to our network.

This thread was automatically locked due to age.

0 Scott_Klassen over 9 years ago

I want to prevent that everyone can setup a SSL VPN to our network.
Everyone can't because they don't have the certificate and they don't have your users credentials. Might work to untick automatic firewall rules, then create manual ones.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 AngeloLelieveld over 9 years ago in reply to Scott_Klassen

Yes, I know. But I would also want to restrict the SSL VPN Traffic to specific locations (IP's).
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago
Hi Alelieveld, I agree with Scott that there's already good limitation.  You might want to look at two-factor authentication using OTP (One-Time Passwords).  However, there is a way to do what you want...

Refer to #2 in Rulz.  Create the two following NAT rules, in order:
No NAT : {Allowed IPs} -> {SSL VPN service} -> External (Address)
DNAT : Internet -> {SSL VPN service} -> External (Address) : to {non existent IP}

Today, my preferred {SSL VPN service} for the SSL VPN is UDP 443.  In any case, you don't want to use the preceding technique with UDP or TCP 443.  In this case, you might want to use 1394 (OpenVPN) or 1443.  Again with preference for UDP because it make the VPN faster.

Cheers - Bob
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel