I verified that "filter tunnel" is used to restrict full client access.

But I am not able to restrict port-forward using either "filter tunnel" or "acl". The "acl" restricts only clientless traffic. In ASA, the "webacls" restricts both clientless and port-forwarding.

Is there any way to restrict port-forwarding traffic in IOS WebVPN? Am I missing something?

With regards
Kings

On Fri, Oct 15, 2010 at 3:09 PM, Kingsley Charles <[email protected]> wrote:

> Tyson
>
> I believe the following command will be used for anyconnect filtering:
>
> router1(config-webvpn-group)#filter tunnel ?
>   <1-199>      IP access list (standard or extended)
>   <1300-2699>  IP expanded access list (standard or extended)
>   WORD         Access-list name
>
> I am not able to verify as my anyconnect is not at all connecting. Seems
> there is some IOS issue.
>
> With regards
> Kings
>
> On Tue, Oct 12, 2010 at 7:46 PM, Tyson Scott <[email protected]> wrote:
>
>> It will work for the AnyConnect client as well. I have not tested it
>> with port-forwarding.
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S, Security, and SP
>> Managing Partner / Sr. Instructor - IPexpert, Inc.
>>
>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Kingsley Charles
>> *Sent:* Tuesday, October 12, 2010 9:56 AM
>> *To:* [email protected]
>> *Subject:* [OSL | CCIE_Security] IOS webvpn application acl
>>
>> Hi all
>>
>> Can we use the application ACL to control the port forwarding too?
>>
>> router1(config-webvpn-context)#acl rule
>> router1(config-webvpn-acl)#permit ?
>>   URL    URL access control list
>>   cifs   CIFS access control list
>>   http   HTTP access control list
>>   https  HTTPS access control list
>>   ip     IP access control list
>>   tcp    TCP access control list
>>
>> I tried it in the lab and it works for URLs but not for port forwarding
>> applications.
>>
>> With regards
>> Kings
