2 IPs, only want to allow SSL VPN on one

Hi all,

I’m gradually learning and getting my head around XG and have now got a system setup at home to learn with.

I’ve got SSL VPN set up and working, but as far as I can see there is no rule as such which controls which IP it can come in on.

So current home setup is

FTTP via PPPOE with 2 IP addresses

Can I control somewhere which IP it should listen on  ONLY or should I be making a block rule on the second IP?

Any advice?

  • Hi  

    Please right-click on the client from the tray on SSL VPN Client in Windows OS of the user system and click on Settings and you may able to specify the ISP link through which you want to connect SSL VPN.

  • Ben,

    you can use a Local ACL to publish your SSLVPN on a single IP instead of WAN zone. Go under Administration menu > Device Access > Create local ACL. Make sure you disable the sslvpn under the WAN zone.

    Under the VPN menu > Show vpn settings > SSLVPN > override hostname put the dns name or the ip where the VPN service is published to.

    Regards

  • Hi Ben Gillam1,

    Step 1. Override the host name with the WAN IP address that you desire to use with SSL Remote VPN.

    Step 2. Create Local Service ACL Exception to allow SSL VPN service on desired WAN IP address. 

    Step 3. Remove SSL VPN from WAN zone. 

    Note: When you update SSL VPN settings or change SSL Remote VPN policy, users have to re-download SSL VPN configuration from the UserPortal.

    Thanks,