11-24-2015 02:24 AM
Hello,
How can I configure my ASA to allow a specific public IP address to connect through an AnyConnect VPN session, and block all other IP addresses?
I searched Group-Policy but could not find the option.
Thanks
11-24-2015 03:52 PM
Hi Imran,
This can be done with an ACL applied to the control-plane of the ASA, for example:
access-list VPN permit tcp host 1.1.1.1 any eq 443
access-list VPN permit udp host 1.1.1.1 any eq 443
access-list VPN deny tcp any any eq 443
access-group VPN in interface outside control-plane
This should allow the IP "1.1.1.1" to connect over AnyConnect and reject any other IP.
Hope it helps
-Randy-
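The entries in the post above match only on protocol, source address and destination port. The following is an added example, not part of the original post, that runs sample connections through a first-match evaluation of those entries; the ASA and client addresses are constructed, and only the `host`/`any`/`eq` syntax used in the post is modelled.

```python
import ipaddress

# The three ACL entries from the post above (the access-group line only binds them).
ACL = """\
access-list VPN permit tcp host 1.1.1.1 any eq 443
access-list VPN permit udp host 1.1.1.1 any eq 443
access-list VPN deny tcp any any eq 443
"""

def parse_addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the token list; return a network."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("only 'any' and 'host <ip>' are modelled: " + word)

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        tok = tok[2:]  # drop 'access-list <name>'
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = parse_addr(tok), parse_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """First matching entry wins; 'no-match' means no entry applied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto == proto and s in r_src and d in r_dst and r_port in (None, dst_port):
            return action
    return "no-match"

if __name__ == "__main__":
    rules = parse_acl(ACL)
    asa = "192.0.2.1"  # constructed outside-interface address
    for proto, src, port in [("tcp", "1.1.1.1", 443), ("udp", "1.1.1.1", 443),
                             ("tcp", "198.51.100.7", 443), ("udp", "198.51.100.7", 443),
                             ("tcp", "198.51.100.7", 22)]:
        print(proto, src, port, "->", evaluate(rules, proto, src, asa, port))
```

Nothing in an entry refers to a connection profile, so the deny on TCP/443 applies to every TLS connection to the ASA from any source other than 1.1.1.1.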
11-24-2015 07:56 PM
Hi Randy,
The above commands you wrote block HTTPS completely for all other IPs except 1.1.1.1. That is what I do not want. Rather, I want to allow a single IP to a specific connection-profile, and block all other IP addresses from connecting through that connection-profile. BUT I DON'T WANT to block HTTPS on my whole ASA.
How do I do that?
11-27-2015 10:42 PM
Can anyone else help me, please?