09-09-2019 01:18 AM
Hello.
If I have enabled http server on outside for AnyConnect page, and want to enable REST API plugin, how I can restrict REST request only on inside interface?
Thank You
09-09-2019 01:27 AM - edited 09-09-2019 01:31 AM
Hi,
You would restrict access to the ASA API similar to how you would restrict access to ASDM. E.g:-
http server enable
http 192.168.0.0 255.255.0.0 inside
HTH
09-09-2019 02:22 AM
09-09-2019 05:22 AM
Yes - it will continue to work.
The "http server" command (and restrictions you add to it) relates to management connections to the ASA (ASDM and REST API). We typically recommend that you do NOT allow https server on the outside interface. It exposes the management plane to potential vulnerabilities and denial of service attacks.
Your remote access VPN (a data plane service) is enabled (i.e. listening for https connections to the service) via the "enable <nameif> in the webvpn section of the configuration.
09-09-2019 05:52 AM
09-09-2019 07:36 AM
You're welcome.
No worries - it's a perfectly legitimate question and the documentation could make the distinction more clearly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide