Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Dilemma: Trying to make this ASA-5506X last a little longer. Issue noted on pen test that http security headers not set on the clientless vpn portal. Needs: 1) Firepower enabled (only works through 9.9.x)2) http-headers setting functionality (seem...
Is that correct? It doesn't seem correct. I purchased an Anyconnect mobile license to add to my ASA 5505 which already had Anyconnect Essentials enabled. The activation key I received shows that I would be going from:
License ...
I have (had) a working AnyConnect VPN set up with no split tunnelling (U-turning/hairpinning traffic) with dual authentication (certificates and Active Directory credentials), running 8.2.5 code.I switched the SSL settings over from "Any" to "TLSv1 o...
I have an AnyConnect VPN set up with no split tunnelling (U-turning/hairpinning traffic), running 8.2.5 code.This works great, but I want to allow the AnyConnect clients to access a site-to-site VPN as well, which I have been unable to do. I did chec...
Thank you very much Marvin, much appreciated for the config guide. Any SSL service running will fail the pen test if the http-headers cannot be set, even if the keepout option is enabled.Looks like for any version that supports Firepower on the 5506X...
Thanks Marvin, that does work to disallow access, but the portal page is still up. It seems once any kind of SSL VPN is up, the portal is available (even if just to download the anyconnect software). if the security headers are not able to be set, t...
So believe it or not here I am again with this same problem, albeit with a different device (pfsense) on the other end. Still have:anyconnect client -> local network (inside) -> remote networks (ny2-network and ch1-network) (via site to site vpn)anyc...
This did not work for me using self-signed auto-generated computer certificates, with Windows Server 2012 R2 and Win 7 machines, but it was the only response anywhere that put me on the right track. I spent weeks trying to get two factor authenticat...
