on it we have SSL VPN access configured. This therefore enables the ability to ‘browse’ to the outside of the firewall.
This in itself isn’t a problem, but what is a problem is that browsing to a random URL that is invalid sees the firewall redirect to an error page as opposed to returning a 404. This is causing PCI scans to fail.
For example, navigating to https://X.X.X.X/HiBtInet will see you redirected to https://X.X.X.X/+CSCOE+/message.html?mc=2
We would like to adjust the behavior of the firewall such that it doesn’t redirect but rather just 404s; this, you would perhaps think, would be default behavior given past DoS and path traversal vulnerabilities made possible by being able to browse on the outside.
I’ve attached the show tech output. We’ve tried implementing the following (we tried switching to 404) without any luck:
sh run webvpn | inc portal|keep
portal-access-rule 1 deny code 403 any
keepout "Denied"
Any questions, please let me know.
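A small check for the behaviour described above, added here as an example and not part of the original post or of any Cisco tooling: it requests a non-existent path on the portal without following redirects and reports whether the firewall now answers 404 or still bounces to the +CSCOE+ message page. The host, port and probe path are placeholders you supply; certificate verification is disabled on the assumption that the portal uses a self-signed certificate.

```python
import http.client
import ssl
from urllib.parse import urlsplit

# Constructed probe path taken from the post; any path that does not exist
# on the portal works the same way.
PROBE_PATH = "/HiBtInet"
ERROR_PAGE_PREFIX = "/+CSCOE+/message.html"
REDIRECT_CODES = (301, 302, 303, 307, 308)


def classify_response(status, location):
    """Classify one (HTTP status, Location header) pair for the probe.

    "ok-404"                -> the portal returns 404, which is what the scan expects
    "redirect-to-error-page" -> still redirected to the +CSCOE+ message page
    "other-redirect"        -> redirected somewhere else
    "other"                 -> any other status (403 from a portal-access-rule, 200, ...)
    """
    if status == 404:
        return "ok-404"
    if status in REDIRECT_CODES and location:
        # Location may be absolute or relative; compare on the path only.
        if urlsplit(location).path.startswith(ERROR_PAGE_PREFIX):
            return "redirect-to-error-page"
        return "other-redirect"
    return "other"


def probe(host, path=PROBE_PATH, port=443, timeout=10):
    """Send a single GET and return (status, Location) without following redirects.

    Verification is switched off (assumption: self-signed portal certificate);
    only the status line and Location header are inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


if __name__ == "__main__":
    status, location = probe("X.X.X.X")  # placeholder: your outside interface address
    print(status, location, classify_response(status, location))
```

Run it before and after changing the webvpn configuration; a result of "ok-404" is what the PCI scanner is looking for, while "other" with a 403 shows the portal-access-rule is being applied but the scan's expectation is still not met.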