Disclosed is a method and system for controlling access of a source terminal to a network that includes, in particular, a firewall and an authentication portal that maintains the firewall during an access request originating from the source terminal and which permits access when periodically and subsequently provided with a valid authentication token. The source terminal can also communicate in tunnel mode with the destination terminal of the network via a block mode tunnel. Authentication tokens are periodically supplied on the OSI Layer 2 level so that the tokens continue to be provided during a block tunnel mode communication. A network operator can maintain access control using a captive portal paradigm even when a user chooses to use a block mode tunnel.