04-16-2021 02:52 PM - edited 07-05-2021 01:09 PM
We have a Cisco 5520 that has guest SSIDs. I want to know how to block AnyConnect from running on those Cisco guest SSIDs.
04-16-2021 11:54 PM
- Both items are unrelated: AnyConnect is an app, whereas the SSID connection is 'quasi layer 2'. It is the same as asking how to block AnyConnect when on the LAN.
04-17-2021 09:04 AM
Cisco 5520 wireless controllers allow you to block apps and protocols using AVC lists... Are you telling me that there isn't a way to do so?
04-19-2021 07:01 AM
AnyConnect is using either SSL or IKE for the connection, so you could block those (please note, by blocking SSL you also block all HTTPS websites...). I assume this will not make you happy.
Regarding AnyConnect, do you want to block the VPN function, or do you mean the Network Access Module, or any other module?
Do you want to generally block VPN connections, or only the protocols supported by AnyConnect?
If it's just AnyConnect, then maybe only the servers/IPs of your own VPN gateways? If yes, then you could create an ACL on the WLC blocking the access to those IPs.
04-19-2021 07:42 AM
Yes, I did try the block of SSL and you're right, it blocks everything. I don't want to block the use of AnyConnect; I want to block the use of AnyConnect for the sake of connecting to our network within our on-prem corporate guest SSID.
I have tried using various AVC and ACL settings in the wifi connection. I'm not as familiar with the NAM (TAC suggestion). At this point I'm trying to control it within the Wireless Controller.
I've also heard of the suggestion of a DNS going nowhere.
Thanks for the reply.
04-19-2021 07:58 AM