Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
793
Views
0
Helpful
1
Replies

Block windows Shared Folder over anyconnect

Go to solution
najarian
Level 1
Level 1

‎08-14-2020 05:51 AM

Hello everyone, we noticed that in the client VPN group "XXXX" access to internal resources without AD group membership (ATTRIBUTE_MAP) is possible!!. E.g. Open the $ shared folders of internal systems (tested with \\ 10.10.8.10 \c$\ if the user does not have any VPN AD groups; it shouldn't be like that. Can you please tell me why!!??

 

Regard

Ashkan

Mohammad najarian
CCIE #65604
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-15-2020 07:38 AM

AnyConnect simply allows or denies access to IP addresses. What, if any, access a connected endpoint or users has to a reachable network resource is controlled by the OS on that resource - not AnyConnect or the ASA (or whatever AnyConnect comes in through).

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-15-2020 07:38 AM

AnyConnect simply allows or denies access to IP addresses. What, if any, access a connected endpoint or users has to a reachable network resource is controlled by the OS on that resource - not AnyConnect or the ASA (or whatever AnyConnect comes in through).

0 Helpful
Customers Also Viewed These Support Documents