We have recently set up a Cisco ASA 5520 to provide a clientless SSL VPN via the web portal for our staff.
My question is, how do I restrict access to the web portal to certain IP addresses/ranges?
Basically, the clientless SSL VPN is enabled on both the inside and outside interfaces.
With the outside interface, we would like anyone from any IP to be able to access the portal. From the inside interface, we would only like members of a certain subnet to be able to log onto the portal, or even get access to it. This is to stop our limited SSL licenses from being tied up by people using the system internally.
My current understanding is that the VPN traffic bypasses the interface ACLs. Is there any way for me to get the SSL connections coming into the inside interface to be subject to these ACLs?
Any help much appreciated,