02-23-2016 04:12 PM
Hello, I'm a newbie to ASA firewall configuration and have a question about how to allow access from a server on a network reached via AnyConnect VPN to a server on the VPN client's network. Would a route be needed to identify the client network to the VPN network, and access-list rules for particular hosts/ports?
Example: an AnyConnect client connects to a datacenter network where the application server resides on a VM guest. The application on the VM guest can be reached from the client, but the application cannot reach the LDAP server on the client's network. I'm looking for procedures to follow for allowing access to the LDAP server.
Thanks for your help!
02-23-2016 07:46 PM
Hi savvcollc,
As long as you have L3 connectivity between the AnyConnect user's pool IP and the internal resources, you should be good.
Here is a configuration example for you:
http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/119006-configure-anyconnect-00.html
Review this doc and you will see that you need to configure an access-list on the ASA, which will populate itself as dedicated routes on the client machine depicting the resources reachable over the VPN. Thus, you need to define the network the AnyConnect client should be able to access, and this should address your concern.
Regards,
Dinesh Moudgil
P.S. please rate helpful posts.
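The split-tunnel access-list Dinesh describes, shown as an added ASA configuration sketch that is not from the linked Cisco document or from any post in this thread; all networks, object names, interface labels and the application server address are assumed placeholders.

```cisco
! Added illustration, not from the linked Cisco doc or from this thread.
! Assumed placeholder values:
!   10.10.10.0/24    = datacenter network holding the application server
!   10.10.10.5       = the application server itself
!   192.168.100.0/24 = AnyConnect address pool
!
! 1. Address pool handed to AnyConnect clients
ip local pool VPN_POOL 192.168.100.1-192.168.100.254 mask 255.255.255.0
!
! 2. Split-tunnel ACL: only the networks listed here are pushed to the
!    client as routes over the tunnel, so keep it to what users need.
access-list SPLIT_TUNNEL standard permit 10.10.10.0 255.255.255.0
!
! 3. Group policy that applies the split-tunnel list
group-policy GP_ANYCONNECT internal
group-policy GP_ANYCONNECT attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!
! 4. Tunnel group tying the pool and the group policy together
tunnel-group TG_ANYCONNECT type remote-access
tunnel-group TG_ANYCONNECT general-attributes
 address-pool VPN_POOL
 default-group-policy GP_ANYCONNECT
!
! 5. NAT exemption so traffic between the datacenter network and the VPN
!    pool is left untranslated in both directions (L3 reachability)
object network DC_NET
 subnet 10.10.10.0 255.255.255.0
object network VPN_POOL_NET
 subnet 192.168.100.0 255.255.255.0
nat (inside,outside) source static DC_NET DC_NET destination static VPN_POOL_NET VPN_POOL_NET no-proxy-arp route-lookup
!
! 6. Least privilege for the reverse direction: let only the application
!    server reach the VPN pool, and only on LDAP (tcp/389). Extend this
!    ACL with the site's other required inside flows before applying it,
!    since an applied interface ACL denies everything it does not permit.
access-list INSIDE_IN extended permit tcp host 10.10.10.5 192.168.100.0 255.255.255.0 eq ldap
access-group INSIDE_IN in interface inside
```

This gives the application server reachability to the client's tunnel (pool) address; hosts behind the client's own LAN are not reached this way unless they have their own route into the VPN.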
02-24-2016 10:59 AM
Thanks, Dinesh! I'll give this a try and let you know.