01-09-2019 12:11 AM - edited 02-21-2020 08:38 AM
Hello,
I configured SSL VPN using the AnyConnect option on the outside interface, through the internet.
When I finished the installation, I could access the outside by web to install the AnyConnect agent.
That is fine,
but I have a problem: the SSL web browser page can be opened by any user, so I want the web browser page to be available only
for one user, chosen by IP address.
How can I do that?
01-09-2019 01:25 AM
If I understand correctly you only want a single known remote IP address to be able to connect to your SSL VPN.
To do that, you would need to use an ACL with the "control-plane" option. That makes the ACL apply to traffic TO the ASA (vs. the normal usage which affects traffic THROUGH the ASA).
Here is a good article on how to do that.
http://resources.intenseschool.com/to-the-box-traffic-filtering-on-cisco-asa/
It was written for the old IPsec VPN client but you can easily adapt the method to specify tcp 443 (default for SSL/TLS used by AnyConnect clients unless you've specified an alternate port) as the destination transport protocol (tcp) and port (443).
01-09-2019 01:59 AM
object-group network ALLOWED_VPN_HOSTS
 network-object host x.x.x.x
access-list OUT_IN extended permit tcp object-group ALLOWED_VPN_HOSTS host x.x.x.x
access-group OUT_IN in interface outside
I created this access list as you required, but I have the same problem: I can still access the SSL VPN as any user from outside.
01-09-2019 02:11 AM
Add the control-plane keyword to your last statement:
access-group OUT_IN in interface outside control-plane
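The configuration discussed in the replies above, written out as a to-the-box filter limited to TCP 443. This is an added example, not part of the original thread: the ACL name OUTSIDE_CP and both IP addresses (documentation ranges) are placeholders to replace with your own values.

```cisco
! Added example with placeholder values, not taken from the thread:
!   203.0.113.10 = the one remote client allowed to reach the SSL VPN portal
!   198.51.100.1 = the ASA's own outside interface address
!   OUTSIDE_CP   = hypothetical name for a dedicated to-the-box ACL
!
object-group network ALLOWED_VPN_HOSTS
 network-object host 203.0.113.10
!
! Permit only the allowed host to TCP 443 on the ASA itself.
access-list OUTSIDE_CP extended permit tcp object-group ALLOWED_VPN_HOSTS host 198.51.100.1 eq 443
!
! Explicit deny for everyone else: control-plane rules have no implicit
! deny at the end, so unmatched to-the-box traffic is otherwise still accepted.
access-list OUTSIDE_CP extended deny tcp any host 198.51.100.1 eq 443
!
! Without the control-plane keyword the ACL only filters traffic THROUGH
! the ASA, so the portal stays reachable from any source:
!   access-group OUTSIDE_CP in interface outside
!
! With control-plane the ACL is applied to traffic TO the ASA.
access-group OUTSIDE_CP in interface outside control-plane
!
! Verify the binding, then watch the hit counters while testing from an
! allowed and a non-allowed source address.
show running-config access-group
show access-list OUTSIDE_CP
```

Using a separate ACL for the control-plane binding keeps the to-the-box rules apart from any through-traffic rules already applied to the outside interface.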