Connecting from VPN network to client network

savvcollc
Level 1

Hello - I'm a newbie to ASA firewall configuration and have a question about how to allow access from a server on a network reached via AnyConnect VPN to a server on the VPN client's network. Would a route be needed to identify the client network to the VPN network, and access-list rules for particular hosts/ports?

Example: AnyConnect client connects to a datacenter network where an application server resides on a VM guest. The application on the VM guest can be reached from the client, but the application cannot reach the LDAP server on the client's network. I'm looking for procedures to follow for allowing access to the LDAP server.

Thanks for your help!

2 Replies

Dinesh Moudgil
Cisco Employee

Hi savvcollc,

As long as you have L3 connectivity between the AnyConnect user's pool IP and the internal resources, you should be good.

Here is a configuration example for you:
http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/119006-configure-anyconnect-00.html

Review this doc and you will see that you need to configure an access-list on the ASA, which is pushed to the client machine as dedicated routes describing the resources reachable over the VPN. Thus you need to define the networks the AnyConnect client should be able to access, and this should address your concern.

Regards,
Dinesh Moudgil

P.S. please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
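The pieces Dinesh describes (split-tunnel access-list pushed to the client as routes, plus plain L3 reachability between the pool and the inside), written out as an ASA configuration. This is an added example, not configuration from the thread or from the linked Cisco document; every name and address in it is a placeholder (10.10.10.0/24 for the datacenter VM network, 10.10.20.0/24 for a second inside network, 172.16.50.0/24 for the AnyConnect pool, 172.16.50.7 for the tunnel address of the AnyConnect peer that hosts, or fronts, the LDAP server), and it assumes the `webvpn` / `anyconnect enable` bootstrap is already in place since the client already connects. One caveat the question does not spell out: the ASA can only send traffic to addresses it has a route for, and a standard AnyConnect endpoint does not forward for other hosts on its LAN, so the LDAP server has to be the AnyConnect peer itself (its pool address) or sit on a network the ASA genuinely routes to; otherwise no ACL on the ASA will make it reachable.

```cisco
! Added example (placeholders throughout, see lead-in). Not the thread's own config.

! 1. Address pool handed to AnyConnect clients
ip local pool VPN_POOL 172.16.50.1-172.16.50.254 mask 255.255.255.0

! 2. Split-tunnel ACL. Only these destinations are pushed to the client as routes
!    over the tunnel; keep it to the networks the client really needs, everything
!    else stays on the client's local network.
access-list SPLIT_TUNNEL standard permit 10.10.10.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.10.20.0 255.255.255.0

! 3. Group policy that applies the split-tunnel ACL
group-policy GP_ANYCONNECT internal
group-policy GP_ANYCONNECT attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 dns-server value 10.10.20.53

! 4. Tunnel group tied to the pool and the policy
tunnel-group TG_ANYCONNECT type remote-access
tunnel-group TG_ANYCONNECT general-attributes
 address-pool VPN_POOL
 default-group-policy GP_ANYCONNECT
tunnel-group TG_ANYCONNECT webvpn-attributes
 group-alias anyconnect enable

! 5. L3 connectivity: exempt pool <-> inside traffic from NAT (identity NAT) so the
!    VM and the client see each other's real addresses in both directions
object network NET_DC_VMS
 subnet 10.10.10.0 255.255.255.0
object network NET_VPN_POOL
 subnet 172.16.50.0 255.255.255.0
nat (inside,outside) source static NET_DC_VMS NET_DC_VMS destination static NET_VPN_POOL NET_VPN_POOL no-proxy-arp route-lookup

! 6. Reverse direction (datacenter -> VPN client). Decrypted VPN traffic bypasses
!    interface ACLs by default (sysopt connection permit-vpn), but traffic the
!    inside initiates toward the pool does hit the inside ACL, so permit only the
!    LDAP ports to the one peer instead of opening the whole pool.
access-list INSIDE_IN extended permit tcp 10.10.10.0 255.255.255.0 host 172.16.50.7 eq 389
access-list INSIDE_IN extended permit tcp 10.10.10.0 255.255.255.0 host 172.16.50.7 eq 636
access-list INSIDE_IN extended deny ip 10.10.10.0 255.255.255.0 172.16.50.0 255.255.255.0
access-list INSIDE_IN extended permit ip 10.10.10.0 255.255.255.0 any
access-group INSIDE_IN in interface inside

! 7. Checks: confirm the client holds a pool address, then trace the VM -> LDAP
!    path the way the ASA would actually process it
show vpn-sessiondb anyconnect
packet-tracer input inside tcp 10.10.10.5 40000 172.16.50.7 389
```

If `packet-tracer` stops at a NAT or ACL phase, that is the rule to fix; if it reports a route lookup failure, the LDAP server's address is not one the ASA can reach over the tunnel, which is the caveat above rather than a missing ACL.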

Thanks, Dinesh! I'll give this a try and let you know.