Cisco Support Community

AnyConnect config for Jabber/VOIP only

Hi all,

Have done some searches but haven't come up with anything solid. Never have been good at searching this site, and I suppose I could be the first person to ask this type of question. But that's unlikely. Also not sure if this community is the best fit or if I'd be better served in the ASA communities. Regardless . . .

Here's what I've got in place at the moment.

- Unified Communications Manager 9.x environment, including Call Manager 9.x and IM&P 9.x

- Cisco ASA 5555X's in an HA pair.

- AnyConnect Mobile

- AnyConnect Premium

- Advanced Endpoint Assessment

- iOS/Android devices running the Cisco Jabber client(s).

Here's what I'm trying to accomplish.

- Build an AnyConnect profile/Group Policy/Dynamic Access Profile for iOS/Android devices. (done)

- Set up split-tunneling/ACLs within the Group Policy to allow the Jabber client access to the UC environment, as well as allowing an RTP stream from a device on AnyConnect to any telephony device in the internal environment. (Sort of done, not working the way I'd like.)

- Deny http/https traffic to any other internal corporate websites. (Sort of done, not working the way I'd like.)

I know for sure this is centered around ACLs, because if I don't define any for this profile, calls work as expected (with video too!).  Unfortunately, access to internal web sites works too.  If I activate the ACLs I've come up with so far against the AnyConnect profile, I'm successful in blocking internal web site access.  Unfortunately I also get one-way audio to the Jabber client.

So far I've tried a mix of a Standard ACL applied against the split-tunnel, as well as an extended one.  Have also tried pinning an ACL against the DAP too.  I'm tantalizingly close, but haven't quite come up with the right combination of things.  Looking to see if anyone has run through this particular scenario.  And to see if there's any advice they might like to share.
