02-24-2014 06:10 PM
Current Setup
- 2 x ASA 5505 firewalls, running 9.0.4; ASDM 7.1; in active/standby mode
- Using Anyconnect v3.0.3054
- VPN uses IPSec only; SSL Access is Disabled.
- Anyconnect manually installed on Laptops.
- Web Portal Shutdown and browser shows not found
- Clientless SSL VPN Disabled.
Here is my Problem: (This problem is causing my external PCI scan to fail; it is failing because the https site is using ssl3.0 or TLS 1.0)
1. From an External PC, I open any browser and go to my firewall's IP address (i.e. https://8.8.8.8)
2. The browser gives a warning about an untrusted certificate.
3. If I click continue, then the browser tries to go to the Web portal login but then shows the "Page cannot be displayed" page.
What I am trying to do is stop the firewall from responding to HTTPS requests to the Firewall's WAN IP address; if I do step 1 of my problem, I want the browser to timeout due to no response from the firewall.
After reading the admin manuals and researching this problem, I have hit a wall.
Thanks
02-24-2014 06:35 PM
An IPSec (IKEv2) remote access VPN requires use of SSL for the initial session establishment. AFAIK there's no avoiding that. You should explain to your auditor that this is required and that the lack of other services on that interface is a compensating control for the use of SSL.
Sent from Cisco Technical Support iPad App
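Added example, not from the original post or from Cisco's documentation: an ASA 9.0.x configuration fragment that applies the answer above, keeping the HTTPS listener that IKEv2/AnyConnect client services need while removing SSLv3 and weak ciphers and binding the purchased certificate. The interface name `outside`, trustpoint name `PCI-CERT` and inside subnet `192.168.1.0/24` are assumed placeholders.

```cisco
! Bind the CA-signed certificate to the outside interface so clients
! stop seeing the untrusted-certificate warning (trustpoint name assumed)
ssl trust-point PCI-CERT outside

! Refuse SSLv3 handshakes. On 9.0.x the listener still speaks TLS 1.0;
! TLS 1.1/1.2 only became available in ASA 9.3(2)
ssl server-version tlsv1-only

! Offer only AES/SHA1 cipher suites (drops RC4, DES and 3DES)
ssl encryption aes256-sha1 aes128-sha1

! Keep the TLS listener on 443 solely for IKEv2 client services
! (AnyConnect profile and update download); no portal is enabled
crypto ikev2 enable outside client-services port 443

! Compensating control: ASDM/HTTPS management reachable only from
! the inside network (subnet assumed), never from the outside interface
http 192.168.1.0 255.255.255.0 inside

! Verify the negotiated versions and ciphers the box now offers
show ssl
```

Re-run the external scan afterwards: with TLS 1.0 still present on 9.0.x the auditor may still flag it, which is where the compensating-control explanation from the answer comes in.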
03-06-2014 03:57 PM
Thanks for the info, I purchased an SSL Certificate and all is well.