Kingsley,

I am not sure.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Kingsley Charles [mailto:[email protected]]
Sent: Friday, October 15, 2010 7:47 AM
To: Tyson Scott
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] IOS webvpn application acl

I verified that "filter tunnel" is used to restrict full client access. But I am not able to restrict port-forward using either "filter tunnel" or "acl". The "acl" restricts only clientless traffic.

In ASA, the "webacls" restricts both clientless and port-forwarding.

Is there any way to restrict port-forwarding traffic in IOS WebVPN? Am I missing something?

With regards
Kings

On Fri, Oct 15, 2010 at 3:09 PM, Kingsley Charles <[email protected]> wrote:

Tyson

I believe the following command will be used for anyconnect filtering:

router1(config-webvpn-group)#filter tunnel ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name

I am not able to verify as my anyconnect is not at all connecting. Seems there is some IOS issue.

With regards
Kings

On Tue, Oct 12, 2010 at 7:46 PM, Tyson Scott <[email protected]> wrote:

It will work for the AnyConnect client as well. I have not tested it with port-forwarding.

Regards,
Tyson Scott

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Tuesday, October 12, 2010 9:56 AM
To: [email protected]
Subject: [OSL | CCIE_Security] IOS webvpn application acl

Hi all

Can we use the application ACL to control the port forwarding too?

router1(config-webvpn-context)#acl rule
router1(config-webvpn-acl)#permit ?
  URL    URL access control list
  cifs   CIFS access control list
  http   HTTP access control list
  https  HTTPS access control list
  ip     IP access control list
  tcp    TCP access control list

I tried it in the lab and it works for URLs but not for port forwarding applications.

With regards
Kings
