AnyconnectVPN - how to allow a specific public-ip?

Imran Ahmad
Level 2

Hello,

How can I configure my ASA to allow a specific public IP address to connect through an AnyConnect VPN session, and block all other IP addresses?

I searched Group-Policy but could not find the option.

Thanks

3 Replies

rvarelac
Level 7

Hi Imran, 

This can be done with an ACL applied to the control plane of the ASA. Example:

access-list VPN permit tcp host 1.1.1.1 any eq 443
access-list VPN permit udp host 1.1.1.1 any eq 443
access-list VPN deny tcp any any eq 443
access-group VPN in interface outside control-plane


This should allow the IP "1.1.1.1" to connect over AnyConnect and reject any other IP.

Hope it helps

-Randy-
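
The first-match evaluation of the three ACL lines in the reply above, as an added example that is not part of the original posts and is not Cisco code. It models only top-down matching of the posted lines against constructed sample connections; the function names and the 203.0.113.7 source address are assumptions, and "no-match" means none of the posted lines decides the packet, not what the ASA then does with it.

```python
import ipaddress

# ACL exactly as posted in the reply above; 1.1.1.1 is the poster's sample address.
ACL_TEXT = """\
access-list VPN permit tcp host 1.1.1.1 any eq 443
access-list VPN permit udp host 1.1.1.1 any eq 443
access-list VPN deny tcp any any eq 443
"""

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of tokens."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Parse only the ACE forms used in this thread (permit/deny, host/any, eq)."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()[2:]            # drop 'access-list <name>'
        action, proto = tokens.pop(0), tokens.pop(0)
        src = parse_addr(tokens)
        parse_addr(tokens)                   # destination: 'any' in every posted line
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, port, line))
    return rules

def evaluate(rules, proto, src_ip, dst_port):
    """Top-down, first match wins. 'no-match' means no posted line decides it."""
    src = ipaddress.ip_address(src_ip)
    for action, r_proto, r_src, r_port, line in rules:
        if r_proto == proto and src in r_src and r_port in (None, dst_port):
            return action, line
    return "no-match", None

RULES = parse_acl(ACL_TEXT)

# Constructed sample connections to the outside interface (203.0.113.7 is a documentation address).
SAMPLES = [("tcp", "1.1.1.1", 443), ("udp", "1.1.1.1", 443),
           ("tcp", "203.0.113.7", 443), ("udp", "203.0.113.7", 443),
           ("tcp", "203.0.113.7", 22)]

if __name__ == "__main__":
    for proto, ip, port in SAMPLES:
        action, line = evaluate(RULES, proto, ip, port)
        print(f"{proto}/{port} from {ip:<12} -> {action:<8} {line or ''}")
```

The third sample hits the `deny tcp any any eq 443` line, so TCP/443 to the ASA from any source other than 1.1.1.1 is dropped regardless of which connection profile the client intended to use.
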

Hi Randy,

The above commands you wrote block HTTPS completely for all other IPs except 1.1.1.1. That is what I do not want. Rather, I want to allow a single IP to a specific connection-profile, and block all other IP addresses from connecting through that connection-profile. BUT I DON'T WANT to block HTTPS on my whole ASA.

How do I do that?

Can anyone else help me, please?