VPN: Site to Site and Remote Access Prevent access to SSL VPN

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 1 subscriber
Views 8329 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Prevent access to SSL VPN

AngeloLelieveld over 9 years ago

Hi,

Is it possible to restrict SSL VPN Access to specific public IP address? I want to prevent that everyone can setup a SSL VPN to our network.

This thread was automatically locked due to age.

Parents

0 BAlfson over 9 years ago
Hi Alelieveld, I agree with Scott that there's already good limitation.  You might want to look at two-factor authentication using OTP (One-Time Passwords).  However, there is a way to do what you want...

Refer to #2 in Rulz.  Create the two following NAT rules, in order:
No NAT : {Allowed IPs} -> {SSL VPN service} -> External (Address)
DNAT : Internet -> {SSL VPN service} -> External (Address) : to {non existent IP}

Today, my preferred {SSL VPN service} for the SSL VPN is UDP 443.  In any case, you don't want to use the preceding technique with UDP or TCP 443.  In this case, you might want to use 1394 (OpenVPN) or 1443.  Again with preference for UDP because it make the VPN faster.

Cheers - Bob
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 9 years ago
Hi Alelieveld, I agree with Scott that there's already good limitation.  You might want to look at two-factor authentication using OTP (One-Time Passwords).  However, there is a way to do what you want...

Refer to #2 in Rulz.  Create the two following NAT rules, in order:
No NAT : {Allowed IPs} -> {SSL VPN service} -> External (Address)
DNAT : Internet -> {SSL VPN service} -> External (Address) : to {non existent IP}

Today, my preferred {SSL VPN service} for the SSL VPN is UDP 443.  In any case, you don't want to use the preceding technique with UDP or TCP 443.  In this case, you might want to use 1394 (OpenVPN) or 1443.  Again with preference for UDP because it make the VPN faster.

Cheers - Bob
Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data