Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AnyConnect - filtering by public IP address with DAP

Hello Cisco Community,

 

I am looking for an easy way to create a new access profile on my Cisco ASA 8.4.7 (using AnyConnect) and filtering the public source ip addresses authorized to connect to one specific remote access profile.

I wanted to create a new DAP entry in my table with a well known remote user attribute by the ASA: the remote user public ip address where anyconnect is initiating the VPN connection from. But after reading all the Cisco guides, I see no aaa attribute which I may use in a LUA custom condition to filter the source IP address of my remote users. Is there a non referenced attribute containing the user public ip address which I can use in a DAP record ?

 

Do you see any other ASA implementation where I may filter the source ip address considering that there are other connection profiles on the same ASA gateway which may not be impacted by this filtering condition ? --> so no interface ACL possible.

 

Thanks for your help,

Joan

129
Views
0
Helpful
0
Replies