cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1393
Views
0
Helpful
3
Replies

Restrict Anyconnect VPN access

morrisbk1
Level 1
Level 1

I recently upgraded our VPN remote access clients to AnyConnect, now everybody in the organization can access the VPN. I was wondering is there is a way to block everybody and give access to who we want to give access to.

Also, I like to know how to stop VPN clients’ user from moving information (files/folders) between the remote PC (pc been access) and the pc they are access VPN from.

3 Replies 3

how is your authentication set up? are you using locally defined users or are you using a RADIUS / TACACS+ server?

Do you want to allow users to connect but be restricted to what they can access?

Normally you would use group policies for these types of restrictions.

As for  preventing files/folders from being copied from a PC , as far as I know this is not supported by the ASA.  You would have to implement some sort of data loss prevention technology (DLP) for this.

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts

we are using LDAP for authentication.

no, i do not want the users to connect to the ASA at all. is this posible? i want only those who we allow to connect and not the entire organization as it is now.

I do not think it is possible to stop users from connecting to the vpn, but it is possible to prevent them from logging in.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html

For data loss prevention (stopping people from copying files), you could implement Cisco Secure Desktop (CSD).  This will initiate a virtualized desktop when the user connects to the AnyConnect SSL VPN and/or Clientless SSL VPN.

http://www.cisco.com/en/US/docs/security/csd/csd311/csd_for_asa/configuration/guide/CSDJntro.html

--

Please rate all helpful posts

--
Please remember to select a correct answer and rate helpful posts