I configured SSL VPN using the AnyConnect option on the outside interface through the internet.
When I finished the installation, I could access it from outside via the web to install the AnyConnect agent.
But I have a problem: the SSL web browser page allows any user to open it, so I want the web browser page to be available only
to one user, chosen by IP address.
How can I do that?
Add the control-plane keyword to your last statement:
access-group OUT_IN in interface outside control-plane
If I understand correctly you only want a single known remote IP address to be able to connect to your SSL VPN.
To do that, you would need to use an ACL with the "control-plane" option. That makes the ACL apply to traffic TO the ASA (vs. the normal usage which affects traffic THROUGH the ASA).
Here is a good article on how to do that.
It was written for the old IPsec VPN client but you can easily adapt the method to specify tcp 443 (default for SSL/TLS used by AnyConnect clients unless you've specified an alternate port) as the destination transport protocol (tcp) and port (443).
object-group network ALLOWED_VPN_HOSTS
network-object host x.x.x.x
access-list OUT_IN extended permit tcp object-group ALLOWED_VPN_HOSTS host x.x.x.x
access-group OUT_IN in interface outside
I did this access list as you required, but the same problem remains: I can access the SSL VPN as any user from outside.
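The pieces of this thread combined into one ASA configuration, as an added example that is not part of any poster's reply: it shows the binding without control-plane beside the corrected one, with the ACL narrowed to tcp 443 as suggested above. The addresses 198.51.100.10 and 203.0.113.1 are constructed placeholders standing in for the x.x.x.x values, and the two show commands are an added verification step.

```cisco
! Constructed placeholder addresses (documentation ranges), not from the thread:
!   198.51.100.10 = the one client allowed to reach the SSL VPN portal
!   203.0.113.1   = the ASA's own outside interface address
object-group network ALLOWED_VPN_HOSTS
 network-object host 198.51.100.10
!
! Permit only TCP 443 (AnyConnect default port) from the allowed host to the ASA itself.
! Sources outside the group do not match and fall to the ACL's implicit deny.
access-list OUT_IN extended permit tcp object-group ALLOWED_VPN_HOSTS host 203.0.113.1 eq 443
!
! Before: bound without control-plane, the ACL filters traffic THROUGH the ASA only,
! so the portal still answers every source address.
!   access-group OUT_IN in interface outside
!
! After: control-plane makes the ACL apply to traffic TO the ASA.
access-group OUT_IN in interface outside control-plane
!
! Check the binding, then watch the hit counter rise when the allowed host connects.
show running-config access-group
show access-list OUT_IN
```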