cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1013
Views
0
Helpful
3
Replies

Restrict Anyconnect VPN access

morrisbk1
Level 1
Level 1

I recently upgraded our VPN remote access clients to AnyConnect, now everybody in the organization can access the VPN. I was wondering is there is a way to block everybody and give access to who we want to give access to.

Also, I like to know how to stop VPN clients’ user from moving information (files/folders) between the remote PC (pc been access) and the pc they are access VPN from.

3 Replies 3

how is your authentication set up? are you using locally defined users or are you using a RADIUS / TACACS+ server?

Do you want to allow users to connect but be restricted to what they can access?

Normally you would use group policies for these types of restrictions.

As for  preventing files/folders from being copied from a PC , as far as I know this is not supported by the ASA.  You would have to implement some sort of data loss prevention technology (DLP) for this.

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts

we are using LDAP for authentication.

no, i do not want the users to connect to the ASA at all. is this posible? i want only those who we allow to connect and not the entire organization as it is now.

I do not think it is possible to stop users from connecting to the vpn, but it is possible to prevent them from logging in.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html

For data loss prevention (stopping people from copying files), you could implement Cisco Secure Desktop (CSD).  This will initiate a virtualized desktop when the user connects to the AnyConnect SSL VPN and/or Clientless SSL VPN.

http://www.cisco.com/en/US/docs/security/csd/csd311/csd_for_asa/configuration/guide/CSDJntro.html

--

Please rate all helpful posts

--
Please remember to select a correct answer and rate helpful posts
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: