I have an ASA (8.2.1) running IPSec and Anyconnect. The other day I noticed someone was trying to brute force the Anyconnect connection. Doing what felt natural, I tried blocking using my outside ACL. It appears that this ACL protects my internal ho...
As of IOS 12.2(46)SE and 12.2(33)SXI4 you can use the address command.
ip dhcp pool SomeVRFPool
 vrf SomeVRF
 network 10.1.1.0 255.255.255.0
 domain-name somevrf.net
 default-router 10.1.1.1
 address 10.1.1.2 client-id "Client-Hostname" ascii
...
Yes, this works just fine with Microsoft NPS. In a nutshell, you tell NPS to return the RADIUS attribute 25 (it's called "Class") and assign it the value of ou=MyVPNGroupPolicy where MyVPNGroupPolicy is the name of your group policy in the ASA. I wa...
Thank you, the control-plane keyword performed exactly as needed. I'm providing my configuration for someone else's benefit:
access-list outside-control-plane extended deny https 1.2.3.0 255.255.255.0 any
access-group outside-control-plane in interface o...
The vpn-filter would allow me to limit what access someone who has authenticated into the system could get to. What I am trying to do is prevent specific public IP ranges from accessing the Anyconnect Login page, preventing them from attempting to a...