AnyConnect - filtering by public IP address with DAP

joan.ballaud
Level 1

Hello Cisco Community,

I am looking for an easy way to create a new access profile on my Cisco ASA 8.4.7 (using AnyConnect) and filter the public source IP addresses authorized to connect to one specific remote access profile.

I wanted to create a new DAP entry in my table with a remote user attribute well known to the ASA: the remote user's public IP address, from which AnyConnect is initiating the VPN connection. But after reading all the Cisco guides, I see no AAA attribute which I may use in a Lua custom condition to filter the source IP address of my remote users. Is there a non-referenced attribute containing the user's public IP address which I can use in a DAP record?

Do you see any other ASA implementation where I may filter the source IP address, considering that there are other connection profiles on the same ASA gateway which may not be impacted by this filtering condition? --> so no interface ACL possible.

Thanks for your help,

Joan
