Restrict Anyconnect VPN access

morrisbk1
Level 1

I recently upgraded our VPN remote access clients to AnyConnect, and now everybody in the organization can access the VPN. I was wondering if there is a way to block everybody and give access to those we want to give access to.

Also, I'd like to know how to stop VPN client users from moving information (files/folders) between the remote PC (the PC being accessed) and the PC they are accessing the VPN from.

3 Replies

How is your authentication set up? Are you using locally defined users or are you using a RADIUS / TACACS+ server?

Do you want to allow users to connect but be restricted to what they can access?

Normally you would use group policies for these types of restrictions.

As for preventing files/folders from being copied from a PC, as far as I know this is not supported by the ASA. You would have to implement some sort of data loss prevention technology (DLP) for this.

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts

We are using LDAP for authentication.

No, I do not want the users to connect to the ASA at all. Is this possible? I want only those who we allow to connect, and not the entire organization as it is now.

I do not think it is possible to stop users from connecting to the VPN, but it is possible to prevent them from logging in.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html

For data loss prevention (stopping people from copying files), you could implement Cisco Secure Desktop (CSD). This will initiate a virtualized desktop when the user connects to the AnyConnect SSL VPN and/or Clientless SSL VPN.

http://www.cisco.com/en/US/docs/security/csd/csd311/csd_for_asa/configuration/guide/CSDJntro.html

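One way to combine the LDAP authentication and group policies discussed in this thread so that only members of one directory group can log in. This is an added example, not configuration from any poster or from the linked Cisco documents. It assumes an Active Directory LDAP server and ASA 8.x syntax; every name, DN, address and password below (AD-VPN-MAP, LDAP-SRV, GP-VPN-ALLOWED, NOACCESS, TG-ANYCONNECT, the VPN-Allowed group, 192.0.2.10) is a placeholder.

```cisco
! Added example. All names, DNs and addresses are placeholders.
!
! 1. Deny-by-default policy: zero simultaneous logins means no session
!    can be established under this policy.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! 2. Policy for permitted users. Other settings inherit from DfltGrpPolicy.
group-policy GP-VPN-ALLOWED internal
group-policy GP-VPN-ALLOWED attributes
 vpn-simultaneous-logins 3
!
! 3. Map the directory group to the permitted policy. The DN must match
!    the memberOf value returned by the directory exactly.
ldap attribute-map AD-VPN-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf CN=VPN-Allowed,OU=Groups,DC=example,DC=com GP-VPN-ALLOWED
!
! 4. LDAP server definition with the attribute map attached.
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <BIND-PASSWORD-PLACEHOLDER>
 ldap-attribute-map AD-VPN-MAP
!
! 5. The AnyConnect tunnel group authenticates against LDAP and falls
!    back to NOACCESS for anyone the map does not match.
tunnel-group TG-ANYCONNECT type remote-access
tunnel-group TG-ANYCONNECT general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy NOACCESS
```

A user outside the mapped group authenticates against LDAP but stays on NOACCESS, so the login is rejected. `debug ldap 255` shows whether the memberOf value was mapped for a given login attempt.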