Beginner

anyconnect vpn issue

Hello,

I configured SSL VPN using the AnyConnect option on the outside interface through the internet.

When I finished the installation, I could access the outside by web to install the AnyConnect agent.

That is fine.

But I have a problem: the SSL web browser page can be opened by any user, so I want the web browser page to be available only for one user, chosen by IP address.

How can I do that?

1 ACCEPTED SOLUTION

Hall of Fame Master

Re: anyconnect vpn issue

Add the control-plane keyword to your last statement:

 

access-group OUT_IN in interface outside control-plane

 

3 REPLIES
Hall of Fame Master

Re: anyconnect vpn issue

If I understand correctly you only want a single known remote IP address to be able to connect to your SSL VPN.

 

To do that, you would need to use an ACL with the "control-plane" option. That makes the ACL apply to traffic TO the ASA (vs. the normal usage which affects traffic THROUGH the ASA).

 

Here is a good article on how to do that.

 

http://resources.intenseschool.com/to-the-box-traffic-filtering-on-cisco-asa/

 

It was written for the old IPsec VPN client but you can easily adapt the method to specify tcp 443 (default for SSL/TLS used by AnyConnect clients unless you've specified an alternate port) as the destination transport protocol (tcp) and port (443).

Beginner

Re: anyconnect vpn issue

object-group network ALLOWED_VPN_HOSTS
 network-object host x.x.x.x
access-list OUT_IN extended permit tcp object-group ALLOWED_VPN_HOSTS host x.x.x.x
access-group OUT_IN in interface outside

I created this access list as you required, but I have the same problem: I can still access the SSL VPN as any user from outside.
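
The thread's fix written out as one configuration, as an added example that is not part of any post: the ACL from the post above, limited to tcp 443 as the first reply suggests, and bound with the control-plane keyword named in the accepted solution. The addresses are constructed placeholders standing in for the x.x.x.x values, and the explicit deny line is an addition of this example.

```cisco
! Constructed sample addresses (RFC 5737 documentation ranges), not from the thread:
!   198.51.100.10 = the single remote host allowed to reach the SSL VPN portal
!   203.0.113.1   = the ASA's outside interface address
object-group network ALLOWED_VPN_HOSTS
 network-object host 198.51.100.10
!
! Permit the allowed host to tcp/443 on the ASA itself, then deny everyone else.
! The deny is written out so the result does not rely on the ACL's default action.
access-list OUT_IN extended permit tcp object-group ALLOWED_VPN_HOSTS host 203.0.113.1 eq 443
access-list OUT_IN extended deny tcp any host 203.0.113.1 eq 443
!
! Before (as posted): bound as a normal interface ACL, which only filters
! traffic THROUGH the ASA, so the portal stays reachable from any source.
!   access-group OUT_IN in interface outside
!
! After: bound with control-plane, so it filters traffic TO the ASA.
access-group OUT_IN in interface outside control-plane
!
! Check the binding and watch the hit counters while testing from an
! allowed and a non-allowed source address:
!   show running-config access-group
!   show access-list OUT_IN
```

Management access rules defined with commands such as http, ssh or telnet take precedence over a control-plane ACL, so review those separately if the same interface also accepts management connections.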
