Cisco
Arthur Avetisov, 2014-10-22 11:00:28

Organizing access to a Cisco ASA 5505 via AnyConnect only from an allowed list of addresses: how to implement it?

Good day.
There is a Cisco ASA 5505.
ASA ver: 9.0.(1)
ASDM ver: 7.0.(1)
VPN is configured via AnyConnect.
For one user, let's conditionally call him auditor, it is required that he can connect only from the list of allowed addresses from the outside, via AnyConnect. For other users, for example (it, dir), there should be no such restrictions.
Option 1: I suppose that you need to dig towards Dynamic Access Policy or Group Policy.
Option 2: Or set an explicit restriction in the firewall for the type of traffic, specifying 2 types of rules (allow the approved list, prohibit everything else).
I would be grateful for your help.


1 answer(s)
Ars1s, 2014-10-23
@Ars1s

Why make it so complicated?
But if you really need it, it's better to use several IPs for AnyConnect access. On one IP you apply an ACL with the necessary IPs for auditor access, and on the other you give access for it, dir.
OR
Better to restrict access to allowed hosts via Group Policy with an internal ACL. That is, for the external connection, allow all connections. Specifically, bind the policy with the necessary ACLs to the access groups (Connection Profile).
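
A sketch of the second suggestion in the answer above (a group policy carrying an ACL, bound to a dedicated connection profile), written in ASA CLI as an added example that is not part of the original thread or the answerer's own configuration. All object names, the address pool and the inside host are constructed placeholders, and the local user `auditor` is assumed to exist already.

```cisco
! Constructed example values: pool 10.99.0.0/24, inside host 192.168.10.50.
! Address pool handed out only to the auditor's connection profile.
ip local pool AUDITOR_POOL 10.99.0.10-10.99.0.20 mask 255.255.255.0
!
! ACL used as a vpn-filter. In a vpn-filter ACL the source is always the
! remote (client) side and the destination is the protected inside host.
! It is evaluated on decrypted tunnel traffic, so it matches the client's
! pool address, not the public address the client connects from.
access-list AUDITOR_VPN_FILTER extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.10.50 eq 443
access-list AUDITOR_VPN_FILTER extended deny ip any any
!
! Internal group policy that carries the filter.
group-policy GP_AUDITOR internal
group-policy GP_AUDITOR attributes
 vpn-tunnel-protocol ssl-client
 vpn-filter value AUDITOR_VPN_FILTER
 address-pools value AUDITOR_POOL
!
! Connection profile (tunnel-group) bound to that policy.
tunnel-group AUDITOR type remote-access
tunnel-group AUDITOR general-attributes
 default-group-policy GP_AUDITOR
tunnel-group AUDITOR webvpn-attributes
 group-alias AUDITOR enable
!
! Pin the auditor account to the restricted profile and policy.
! group-lock rejects the login if the user selects any other profile.
username auditor attributes
 vpn-group-policy GP_AUDITOR
 group-lock value AUDITOR
 service-type remote-access
!
! The it and dir users stay on their existing connection profile and
! group policy, which have no vpn-filter applied.
```

After connecting as the auditor, `show vpn-sessiondb anyconnect` should list the session under the `AUDITOR` tunnel group with the `GP_AUDITOR` policy.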
