Restricting Traffic to a web page via WEBVPN

Jan 7th, 2008

Hi all,

I would very much like your help.

I have set up two features for the customer on an ASA5500 appliance.

1) IPSEC client VPN access for home/remote users to access the LAN. This works fine.

2) WEBVPN for specific users who need to access a particular application on the LAN remotely via an HTTPS page.

Now, 1) works perfectly so this can be ignored. However, the customer suggested as one of their requirements that they would like only 2 source IP addresses to be allowed to access the HTTPS site remotely. I have raised a TAC case with Cisco, who said that this cannot be done. I thought this might be as simple as using an ACL to permit only certain IPs to the site but have not been successful in getting this to work. I was wondering if anyone had any other revelations. The config is ATTACHED.

Thanks and regards,

Randeep CCSP

srue Mon, 01/07/2008 - 07:50

Why don't you restrict access by usernames/groups instead of IPs?

TAC is right, btw, what your customer wants cannot be done with IP restriction.

r.gill Mon, 01/07/2008 - 07:54

Hmm, you are right. I just tried it in the lab. Used ACLs, Web-type ACLs - applied these as filters to the group and no luck.

Cisco TAC say it's a bug that has now been pushed to the design team with my case attached!! Something to note, I guess!

Thank you so much for your help.

P.S. Will use user/group restriction instead! :o)

