I verified that "filter tunnel" is used to restrict full client access.

But I am not able to restrict port-forward using either "filter tunnel" or
"acl". The "acl" restricts only clientless traffic.


In ASA, the "webacls" restricts both clientless and port-forwarding.

Is there any way to restrict port-forwarding traffic in IOS WebVPN?

Am I missing something?


With regards
Kings

On Fri, Oct 15, 2010 at 3:09 PM, Kingsley Charles <
[email protected]> wrote:

> Tyson
>
> I believe the following command will be used for anyconnect filtering:
>
> router1(config-webvpn-group)#filter tunnel ?
>   <1-199>      IP access list (standard or extended)
>   <1300-2699>  IP expanded access list (standard or extended)
>   WORD         Access-list name
>
> I am not able to verify as my anyconnect is not at all connecting. Seems
> there is some IOS issue.
>
> With regards
> Kings
>
>
> On Tue, Oct 12, 2010 at 7:46 PM, Tyson Scott <[email protected]> wrote:
>
>>  It will work for the AnyConnect client as well.  I have not tested it
>> with port-forwarding.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Tyson Scott - CCIE #13513 R&S, Security, and SP
>>
>> Managing Partner / Sr. Instructor - IPexpert, Inc.
>>
>> *From:* [email protected] [mailto:
>> [email protected]] *On Behalf Of *Kingsley
>> Charles
>> *Sent:* Tuesday, October 12, 2010 9:56 AM
>> *To:* [email protected]
>> *Subject:* [OSL | CCIE_Security] IOS webvpn application acl
>>
>>
>>
>> Hi all
>>
>> Can we use the application ACL to control the port forwarding too?
>>
>> router1(config-webvpn-context)#acl rule
>> router1(config-webvpn-acl)#permit ?
>>   URL    URL access control list
>>   cifs   CIFS access control list
>>   http   HTTP access control list
>>   https  HTTPS access control list
>>   ip     IP access control list
>>   tcp    TCP access control list
>>
>> I tried it in the lab and it works for URLs but not for port forwarding
>> applications.
>>
>> With regards
>> Kings
>>
>
>