MX AnyConnect/IPSec Client VPN - Restricting access

antuk

Hi all,

I'm trying to block certain IP ranges from being able to hit my VPN tunnels. I've tried L7 firewall rules and they just get ignored.

Does anyone know how to configure inbound firewall rules for ports not handled by Port Forwarding/NAT rules?

Thanks,

Anthony

alemabrahao

For IPsec, you can configure layer 3 rules; for AnyConnect you can allow just the networks that clients need to access.

https://documentation.meraki.com/MX/Client_VPN/Restricting_Client_VPN_access_using_Layer_3_firewall_...

Thanks, I was after a block list, not an allow list. However, I've managed to do what I wanted by getting support to enable the inbound firewall rules config.

alemabrahao

It's not to allow; it's just to define what subnets users can access through the VPN. You can use the outbound rules to achieve it; look at the article that I sent to you.

That's not quite what I was trying to achieve. Basically, lots of random addresses are probing my open ports, so I'm trying to restrict what external IPs can access my VPN port (pre-authentication), so I wanted access to inbound firewall rules. After speaking to support, they have enabled the option and now I can block at will.

alemabrahao

👍
