AnyConnect - filtering by public IP address with DAP
Hello Cisco Community,
I am looking for an easy way to create a new access profile on my Cisco ASA 8.4.7 (using AnyConnect) and filter the public source IP addresses authorized to connect to one specific remote access profile.
I wanted to create a new DAP entry in my table using a remote user attribute well known to the ASA: the remote user's public IP address from which AnyConnect is initiating the VPN connection. But after reading all the Cisco guides, I see no AAA attribute that I can use in a Lua custom condition to filter the source IP address of my remote users. Is there an unreferenced attribute containing the user's public IP address that I can use in a DAP record?
Do you see any other ASA implementation where I may filter the source IP address, considering that there are other connection profiles on the same ASA gateway which may not be impacted by this filtering condition? So no interface ACL is possible.