
Can you do a Nessus vulnerability scan to a remote AnyConnect client?

martinsm1
Level 1

We have an ASA 5525-X ver 9.8 and AnyConnect 4.8. SSL WebVPN.

When a remote VPN client is connected, we try to run a Nessus vulnerability scan of the remote VPN client.

This Nessus scanner is behind the ASA on our internal network. The scanner acknowledges that the remote VPN client does answer with general identity info, such as host name, OS, and IP, but will not allow a vulnerability scan to be done.

Is it possible to do a Nessus vulnerability scan to a remote VPN client through an SSL VPN tunnel?

3 Replies

omz
VIP Alumni

Hi,

Scans over VPN are not recommended:

https://community.tenable.com/s/article/Can-I-scan-my-remote-network-via-a-VPN

Hope this helps.

Sheraz.Salim
VIP Alumni

You have to make sure Nessus is added in the NAT exemption rules. Curious why you needed this. If you have a Firepower module, you can use the passive network discovery to see the vulnerabilities.

Please do not forget to rate.

We are not using NAT for VPN addressing. Our IA scanning group is required to do an outside vulnerability scan.