Does AnyConnect support per-app VPN?

Michael Cole
Level 1

Just wanting to know if AnyConnect can support per-app VPN access... We would like to utilize VPN for an RDP app, but not allow VPN access to the rest of the device. Is this even possible?

Thanks,

Mike C

Sent from Cisco Technical Support iPad App

1 Accepted Solution

There are some vendors that do per-App VPN, Cisco doesn't traditionally, but they accomplish the same thing with filters (and other ways). That's probably what they were saying they don't support.

7 Replies

Collin Clark
VIP Alumni

Yes this is possible. You would typically use a downloadable ACL to restrict what and where VPN users can access resources.

Hi Collin,

Can you be a little more specific?  I know that ACLs can be used to restrict access to network resources, but I am not clear on how it can be used on an iPad, for example, to allow an RDP app (Pocketcloud) VPN access, while blocking other apps from accessing the VPN tunnel.  Maybe set the ACL to only allow 3389 traffic?

Just got a tweet back from cisco_support and they said it is currently not supported...

The ACL is applied to the VPN tunnel. So like you mentioned, you would create an ACL that gets applied to the tunnel that only allows TCP-3389 to the server. All other traffic is denied. The source device doesn't matter since the ACL is applied at the tunnel interface, not at the device. Does that help? What did TAC say is not supported?
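The tunnel filter described in the reply above, sketched as an ASA configuration fragment. This is an added example, not part of the original thread or Cisco's own configuration. It uses a locally defined ACL attached with `vpn-filter` rather than a RADIUS downloadable ACL, and the pool range, server address and all object names are constructed placeholders.

```cisco
! Added example. Constructed values (assumptions, not from the thread):
!   VPN client pool  10.99.0.0/24
!   RDP server       10.1.1.50
!   names            RDP-POOL, RDP-ONLY, RDP-GP, RDP-USERS
ip local pool RDP-POOL 10.99.0.10-10.99.0.200 mask 255.255.255.0

! In a vpn-filter ACL the remote (VPN client) side is written as the
! source and the protected inside host as the destination.
! Only TCP/3389 from the client pool to the one RDP server is permitted.
access-list RDP-ONLY extended permit tcp 10.99.0.0 255.255.255.0 host 10.1.1.50 eq 3389
! Explicit deny with logging so blocked attempts show up in syslog
! (an implicit deny would drop them silently).
access-list RDP-ONLY extended deny ip any any log

! Attach the ACL to the tunnel through the group policy. Do not reuse
! this ACL in an interface access-group.
group-policy RDP-GP internal
group-policy RDP-GP attributes
 vpn-filter value RDP-ONLY

! Connection profile that hands out the pool and applies the policy.
tunnel-group RDP-USERS type remote-access
tunnel-group RDP-USERS general-attributes
 address-pool RDP-POOL
 default-group-policy RDP-GP
```

The filter limits what the tunnel carries by address and port only. Any app on the device that sends TCP/3389 to the permitted server passes it, which is why this is not the same thing as per-app VPN.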

Thanks - still very much a rookie when it comes to firewalls...

The question I asked was, '@cisco_support Does #anyconnect support per-app VPN?  Want to just allow VPN for RDP from iPad but not VPN to entire device.'

There are some vendors that do per-App VPN, Cisco doesn't traditionally, but they accomplish the same thing with filters (and other ways). That's probably what they were saying they don't support.

Got it, that makes sense.  Thanks!

Is it possible to accomplish the same as Citrix MDX MicroVPN with AnyConnect/ASA? How? As I understand it, we have to use tunnel filters and split tunneling. Is it possible to control apps? AnyConnect/ASA can only control TCP/UDP port traffic. If we do an on-demand configuration, the application starts AnyConnect; if we exit the application, the VPN tunnel is still up. How do we control that?

Thanks in advance.