Answer the question
In order to leave comments, you need to log in
A
A
Arthur Avetisov2014-10-22 11:00:28
Arthur Avetisov, 2014-10-22 11:00:28
Organization of access to cisco asa 5505 via anyconnect only from the allowed list of addresses, how to implement?
Good day.
There is cisco asa 5505
ASA ver: 9.0.(1)
ASDM ver:7.0.(1)
Vpn configured via anyconnect.
For one user, let's conditionally call him an auditor , it is required that he can connect only from the list of allowed addresses from the outside, via anyconnect. For other users, for example ( it, dir ), there were no such restrictions.
Option 1: I suppose that you need to dig towards Dynamic Access Policy or Group Policy.
Option 2: Or set an explicit restriction in the firewall for the type of traffic, indicating 2 type rules (allow the approved list, prohibit everything else)
I would be grateful for your help.
1 answer(s)
@Ars1s
A
Ars1s, 2014-10-23 @Ars1s
Why make it so complicated?
but if you really need it, it's better to use several IPs to enter anyconnect. On one IP you hang up acl for the necessary IPs for auditor access, on the other access for it, dir.
OR
better restrict access, via Group Policy with internal acl, to allowed hosts. That is, for an external connection, allow all connections. Specifically, to access groups (Connection Profile), bind the policy with the necessary ACLs.
Similar questions
S
C
Z
Zaredis2014-11-03 11:03:34
How to properly configure snmp trap mac-notification on cisco 2960?
2Reply
C
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question