cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
850
Views
0
Helpful
5
Replies

ASA REST API and AnyConnect page

Oleg Volkov
Spotlight
Spotlight

Hello.

If I have enabled http server on outside for AnyConnect page, and want to enable REST API plugin, how I can restrict REST request only on inside interface?

Thank You

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
5 Replies 5

Hi,
You would restrict access to the ASA API similar to how you would restrict access to ASDM. E.g:-

http server enable
http 192.168.0.0 255.255.0.0 inside

HTH

If I do this, will my WebVpn portal on outside interface continue working?
--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog

Yes - it will continue to work.

The "http server" command (and restrictions you add to it) relates to management connections to the ASA (ASDM and REST API). We typically recommend that you do NOT allow https server on the outside interface. It exposes the management plane to potential vulnerabilities and denial of service attacks.

Your remote access VPN (a data plane service) is enabled (i.e. listening for https connections to the service) via the "enable <nameif> in the webvpn section of the configuration.

Thank You!
Sorry for my stupid question :-)
I have already http server only inside :-)
--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog

You're welcome.

No worries - it's a perfectly legitimate question and the documentation could make the distinction more clearly.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: