Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
869
Views
0
Helpful
0
Replies

Anyconnect connection profile. Restrict access to profile for Public IPs

Boris Uskov
Level 4
Level 4

‎02-10-2016 02:32 AM - edited ‎02-21-2020 08:40 PM

Hello, team!

Need an advice.

I have a task to create an Anyconnect connection profile for Cisco ASA. I need to permit the connections to this new profile only for certain Public IP addresses.

For example, if a remote user with Anyconnect client installed has a public IP address 1.1.1.1, he is able to connect to new profile and is able to access some internal resources.

If a remote user has a public IP address 2.2.2.2, he is not able to connect to new profile, or he is not able to access internal resources within this profile.

So, how can I check the Public IP address of Remote User? I know, I can use Cisco Secure Desktop configurations to find out the IP address of the client. But I suppose, that the IP address, which can be found with CSD, is a private IP address of remote macshine LAN card. Am I right?

I made a short investigation and found a "nat-assigned-to-public-ip" option:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/vpn_params.html

This configuration seems to be suitable for my case.

But, maybe someone can suggest another more simple method?

Any ideas appreciates. Thanks in advance.

2 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents