Cisco Support Community

Restricting access to Web Portal Client SSL VPN Cisco ASA

Hi all,

We have recently set up a Cisco ASA 5520 to provide a clientless SSL VPN via the web portal for our staff.

My question is, how do I restrict access to the web portal to certain IP addresses/ranges?

Basically, the clientless SSL VPN is enabled on both the inside and outside interfaces.

With the outside interface, we would like anyone from any IP to be able to access the portal. From the inside interface, we would only like members of a certain subnet to be able to log onto the portal, or even get access to it. This is to stop our limited SSL licenses from being tied up by people using the system internally.

My current understanding is that the VPN traffic bypasses the interface ACLs. Is there any way for me to get the SSL connections coming into the inside interface to be subject to these ACLs?

Any help much appreciated,

Many thanks

Jonathan

2 REPLIES

Re: Restricting access to Web Portal Client SSL VPN Cisco ASA

You could achieve this using control plane policing.

access-list cplane permit tcp host 1.1.1.1 host 2.2.2.2 eq 443

access-list cplane deny tcp any host 2.2.2.2 eq 443

access-group cplane in interface inside control-plane
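
An added example, not part of the reply above and not Cisco's code: a small Python first-match evaluator for checking which source addresses the suggested ACL permits before it is applied. It models only the `tcp ... eq PORT` entries shown; the 10.10.20.0/24 subnet in `SUBNET_ACL` is a constructed value, and what the ASA does with traffic that matches no entry is not modelled.

```python
import ipaddress

# ACL lines from the reply above (its placeholder addresses).
ACL = """\
access-list cplane permit tcp host 1.1.1.1 host 2.2.2.2 eq 443
access-list cplane deny tcp any host 2.2.2.2 eq 443
"""
# Constructed variant for the question's "certain subnet" case (subnet is made up).
SUBNET_ACL = ACL.replace("host 1.1.1.1", "10.10.20.0 255.255.255.0")

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")  # ASA ACLs use netmasks

def parse_acl(text):
    """Parse 'access-list NAME [extended] permit|deny tcp SRC DST eq PORT' lines."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "access-list":
            continue
        tokens = tokens[2:]  # drop 'access-list NAME'
        if tokens[0] == "extended":
            tokens.pop(0)
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _take_addr(tokens), _take_addr(tokens)
        if proto != "tcp" or tokens[:1] != ["eq"]:
            raise ValueError(f"unsupported ACL entry: {line}")
        port = 443 if tokens[1] == "https" else int(tokens[1])
        rules.append((action, src, dst, port))
    return rules

def evaluate(rules, src_ip, dst_ip, dst_port):
    """First matching entry wins; traffic matching no entry returns 'no-match'."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net, port in rules:
        if src in src_net and dst in dst_net and dst_port == port:
            return action
    return "no-match"
```
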

New Member

We tried this to limit the IP ranges of who can access the ASA  Portal page but even at the Control Plane level it won't limit the https access on the outside interface.

 

 
