Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2281
Views
0
Helpful
3
Replies

ASA WebVPN banner disclosure

Go to solution
sasa.popravak
Level 1
Level 1

‎11-08-2019 02:38 AM - edited ‎02-21-2020 09:40 AM

Hello guys.

 

After a security scan, the finding was that ASA reveals to much information on TCP/443 port. For example, a simple nmap scan shows:

 

PORT STATE SERVICE VERSION
443/tcp open ssl/http Cisco ASA SSL VPN

 

while the scanner (I don't know which one) shows:

 

The remote host is running CISCO ASA 5500.

 

So the question is, is it possible to remove or alter this information?

 

The ASA is running 9.8(4)7 code.

 

Thanks.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to sasa.popravak

‎11-08-2019 07:40 PM

Correct.

The answer I provided applies to both clientless and client-based SSL VPN.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-08-2019 02:52 AM

It cannot be removed unless you aren't using the ASA for SSL VPN.

0 Helpful

Go to solution
sasa.popravak
Level 1
Level 1
In response to Marvin Rhoads

‎11-08-2019 03:31 AM

Thanks Marvin.

The ASA is used for SSL VPN. So, in that case this information cannot be
removed?

This applies for both clientless SSL, as well as AnyConnect?

Sasa

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to sasa.popravak

‎11-08-2019 07:40 PM

Correct.

The answer I provided applies to both clientless and client-based SSL VPN.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card