07-15-2018 02:32 AM - edited 03-12-2019 05:27 AM
Hello,
we configured SSL-VPN and enabled a certificate on this connection. Users can now connect through the FQDN or the IP address, but when they connect through the IP they receive a warning and can then pass it. Is there any way to prevent users from connecting using the IP address and allow them to connect only through the FQDN?
Thank you
07-15-2018 07:06 AM
No, it's not possible to configure the ASA not to accept such requests, as that is how they come to it even when the client uses the FQDN.
Think about it - the client application (AnyConnect) uses an FQDN and the first thing that happens is the client OS uses DNS to resolve to an IP address. That IP address is then used to contact the gateway. AnyConnect keeps track of the fact that the FQDN was called and verifies the certificate Common Name (CN) matches the FQDN. All the actual communications at the IP layer are using IP addresses though.
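The name check described in the answer above, as an added example that is not part of the original post and is not AnyConnect or ASA code: a simplified RFC 6125-style matcher showing why a certificate issued for the FQDN validates when the FQDN is typed and produces a warning when the IP address is typed. The certificate dict is constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns; `vpn.example.com`, `203.0.113.10` and the function names are assumptions.

```python
import ipaddress

# Constructed certificate, in the dict shape returned by Python's
# ssl.SSLSocket.getpeercert(); the name and address are placeholders.
GATEWAY_CERT = {
    "subject": ((("commonName", "vpn.example.com"),),),
    "subjectAltName": (("DNS", "vpn.example.com"),),
}

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, typed):
    """True if the name or address the user typed is covered by the certificate."""
    sans = cert.get("subjectAltName", ())
    try:
        addr = ipaddress.ip_address(typed)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP literal validates only if the certificate lists it as an IP SAN.
        return any(k == "IP Address" and ipaddress.ip_address(v) == addr
                   for k, v in sans)
    dns_names = [v for k, v in sans if k == "DNS"]
    if not dns_names:
        # Legacy fallback to the subject CN when no DNS SAN is present.
        dns_names = [v for rdn in cert.get("subject", ())
                     for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, typed) for n in dns_names)

def connection_outcome(cert, typed):
    """Label the result the way a user would experience it."""
    return "trusted" if cert_matches(cert, typed) else "name-mismatch warning"

if __name__ == "__main__":
    # Same gateway, same IP-layer traffic; only the typed identifier differs.
    for typed in ("vpn.example.com", "203.0.113.10"):
        print(typed, "->", connection_outcome(GATEWAY_CERT, typed))
```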