Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
845
Views
0
Helpful
2
Replies

Anyconnect Split-Tunneling, allow only TCP/UDP Port 53 to DNS SRVs

Go to solution
jokr
Level 1
Level 1

‎07-22-2022 12:36 AM

Hi !

Given a Cisco ASA5508-x and the task to create an Anyconnect Connection Profile to allow Access to a single host within my Local LAN. No problem creating this profile. I added 2 internal DNS Servers for name resolution. The resulting Connection Profile created with the ASDM Anyconnect VPN Wizard creates a Profile with Access to the requested single host. This Profil/Group Policy also allows access to the 2 internal DNS Servers automatically. I would like to create an additional ACL somewhere to restrict access to the internal DNS Servers only for TCP/UDP Port 53.

Any hints where to add this additional restriction ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-22-2022 01:28 AM

You can further add a vpn-filter to the connection so that you enforce the requested ports and protocols.

Here's an example: https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html#anc6

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-22-2022 01:28 AM

You can further add a vpn-filter to the connection so that you enforce the requested ports and protocols.

Here's an example: https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html#anc6

0 Helpful

Go to solution
jokr
Level 1
Level 1

‎07-24-2022 10:48 PM

yes, "vpn-filter" is the keyword to search for. Thanks.

0 Helpful
Customers Also Viewed These Support Documents