Control plane access lists on the ASA
If you want to stop an IP address from trying to access AnyConnect or ASDM, or from trying to form a VPN, this is what you need.
The OUTSIDE_IN access list does not block it, because the services themselves run on the firewall and the traffic does not pass through the interface.
access-list cp-outside extended deny ip object-group BAD_IPS any log
access-group cp-outside in interface OUTSIDE control-plane
There is no implicit deny on these, so you don't need a permit any any; adding one will cause the access list not to work.
no logging hide username
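
The ACL above references an object-group named BAD_IPS that the post does not define. As an added example (not part of the original post), this Python helper builds that object-group from a list of IPv4 sources and emits it together with the post's two commands; the function name, the `protected` safety list and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def render_cp_block(bad, protected=(), group="BAD_IPS",
                    acl="cp-outside", iface="OUTSIDE"):
    """Return ASA config lines that deny `bad` sources on the control plane.

    bad       -- iterable of IPv4 addresses or CIDR prefixes to block
    protected -- addresses/prefixes that must never be blocked (admin hosts,
                 VPN peers); an overlap raises instead of emitting config
    """
    keep = [ipaddress.ip_network(p, strict=False) for p in protected]
    nets = []
    for entry in bad:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        if net.version != 4:
            raise ValueError(f"IPv4 only in this example: {entry}")
        for k in keep:
            if k.version == 4 and net.overlaps(k):
                raise ValueError(f"{net} overlaps protected {k}")
        nets.append(net)
    # collapse_addresses merges duplicates and adjacent/contained prefixes,
    # which keeps the object-group short.
    lines = [f"object-group network {group}"]
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            # ASA IPv4 network-object takes a dotted netmask, not /len.
            lines.append(f" network-object {net.network_address} {net.netmask}")
    lines.append(f"access-list {acl} extended deny ip object-group {group} any log")
    lines.append(f"access-group {acl} in interface {iface} control-plane")
    return lines

# Constructed sample input (documentation address ranges, not real offenders).
SAMPLE_BAD = ["203.0.113.10", "203.0.113.10",
              "198.51.100.0/25", "198.51.100.128/25"]
SAMPLE_PROTECTED = ["192.0.2.0/24"]  # hypothetical admin subnet

if __name__ == "__main__":
    print("\n".join(render_cp_block(SAMPLE_BAD, SAMPLE_PROTECTED)))
```

The overlap check exists because a control-plane deny that covers your own management or VPN peer addresses cuts off ASDM, SSH and tunnel negotiation from those sources.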