cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


127
Views
0
Helpful
3
Replies
Beginner

ASA WebVPN banner disclosure

Hello guys.

 

After a security scan, the finding was that ASA reveals to much information on TCP/443 port. For example, a simple nmap scan shows:

 

PORT STATE SERVICE VERSION
443/tcp open ssl/http Cisco ASA SSL VPN

 

while the scanner (I don't know which one) shows:

 

The remote host is running CISCO ASA 5500.

 

So the question is, is it possible to remove or alter this information?

 

The ASA is running 9.8(4)7 code.

 

Thanks.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

Re: ASA WebVPN banner disclosure

Correct.

The answer I provided applies to both clientless and client-based SSL VPN.

View solution in original post

3 REPLIES 3
Hall of Fame Guru

Re: ASA WebVPN banner disclosure

It cannot be removed unless you aren't using the ASA for SSL VPN.

Beginner

Re: ASA WebVPN banner disclosure

Thanks Marvin.

The ASA is used for SSL VPN. So, in that case this information cannot be
removed?

This applies for both clientless SSL, as well as AnyConnect?

Sasa

Highlighted
Hall of Fame Guru

Re: ASA WebVPN banner disclosure

Correct.

The answer I provided applies to both clientless and client-based SSL VPN.

View solution in original post