Cisco Systems ASA 5585-X Network Router User Manual
69-28
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
ACL Manager
Note: To enable local printing, you must enable the Local LAN Access feature in the client profile with a defined ACL rule allow Any Any.
Configuring Local Print Support
To enable local print support, follow these steps:
Step 1 Enable the SSL VPN client firewall in a group policy. Go to Configuration > Remote Access VPN > Network (Client) Access > Group Policies.
Step 2 Select a group policy and click Edit. The Edit Internal Group Policy window displays.
Step 3 Go to Advanced > SSL VPN Client > Client Firewall. Click Manage for the Private Network Rule.
Step 4 Create an ACL and specify an ACE using the rules in Table 69-2. Add this ACL as a Public Network Rule.
Step 5 If you enabled the Automatic VPN Policy always-on and specified a closed policy, in the event of a VPN failure, users have no access to local resources. You can apply the firewall rules in this scenario by going to Preferences (Cont) in the profile editor and checking Apply last local VPN resource rules.
Tethered Devices Support
To support tethered devices and protect the corporate network, create a standard ACL in the group policy, specifying destination addresses in the range that the tethered devices use. Then specify the ACL for split tunneling as a network list to exclude from tunneled VPN traffic. You must also configure the client profile to use the last VPN local resource rules in case of VPN failure.
Note: For Windows Mobile devices that need to sync with the computer running AnyConnect, specify the destination address 169.254.0.0 in the ACL.
Follow these steps:
Step 1 In ASDM, go to Group Policy > Advanced > Split Tunneling.
Step 2 Next to the Network List field, click Manage. The ACL Manager displays.
Step 3 Click the Standard ACL tab.
Table 69-2 Example ACL Rules for Local Printing (continued)

Description  Permission  Interface  Protocol  Source Port  Destination Address  Destination Port
Printer      Allow       Public     TCP       Default      Any                  9100
mDNS         Allow       Public     UDP       Default      224.0.0.251          5353
LLMNR        Allow       Public     UDP       Default      224.0.0.252          5355
NetBios      Allow       Public     TCP       Default      Any                  137
NetBios      Allow       Public     UDP       Default      Any                  137

1. The port range is 1 to 65535.
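Added illustration, not Cisco's code or the ASDM ACL Manager's: a Python model of how the Table 69-2 public-network rules, and the allow Any Any Local LAN Access rule from the Note above, evaluate a few constructed local-LAN flows. It assumes first-match ordering with an implicit deny for anything not listed; the host addresses and flows are constructed.

```python
"""Model the AnyConnect client-firewall public network rule from Table 69-2.

Assumption (not stated by the guide): ACEs are evaluated first-match,
and a flow that matches no ACE is denied.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    description: str
    permission: str        # "Allow" or "Deny"
    protocol: str          # "TCP", "UDP" or "Any"
    dst_addr: str          # "Any" or an IP address / CIDR prefix
    dst_port: Optional[int]  # None = any port (1 to 65535)


# Rows of Table 69-2; "Default" source port means any source port.
TABLE_69_2: List[Ace] = [
    Ace("Printer", "Allow", "TCP", "Any", 9100),
    Ace("mDNS", "Allow", "UDP", "224.0.0.251", 5353),
    Ace("LLMNR", "Allow", "UDP", "224.0.0.252", 5355),
    Ace("NetBios", "Allow", "TCP", "Any", 137),
    Ace("NetBios", "Allow", "UDP", "Any", 137),
]

# The "allow Any Any" rule the Note requires for Local LAN Access.
LOCAL_LAN_ANY_ANY: List[Ace] = [Ace("Local LAN Access", "Allow", "Any", "Any", None)]


def _addr_matches(rule_addr: str, dst: str) -> bool:
    if rule_addr == "Any":
        return True
    return ipaddress.ip_address(dst) in ipaddress.ip_network(rule_addr, strict=False)


def evaluate(aces: List[Ace], proto: str, dst: str, port: int) -> Tuple[str, str]:
    """Return (verdict, description of the ACE that decided it)."""
    for ace in aces:
        if ace.protocol != "Any" and ace.protocol != proto.upper():
            continue
        if not _addr_matches(ace.dst_addr, dst):
            continue
        if ace.dst_port is not None and ace.dst_port != port:
            continue
        return ace.permission, ace.description
    return "Deny", "implicit deny"


# Constructed sample flows from a client on a home LAN (192.168.1.0/24).
SAMPLE_FLOWS = [
    ("TCP", "192.168.1.50", 9100),  # raw print job to a local printer
    ("UDP", "224.0.0.251", 5353),   # mDNS printer discovery
    ("TCP", "192.168.1.50", 445),   # SMB to a local NAS: not in the table
    ("UDP", "224.0.0.251", 5355),   # LLMNR port but mDNS group: no row matches
]


def evaluate_all(aces: List[Ace] = TABLE_69_2, flows=SAMPLE_FLOWS):
    return [(flow, *evaluate(aces, *flow)) for flow in flows]


if __name__ == "__main__":
    for (proto, dst, port), verdict, why in evaluate_all():
        print(f"{proto} -> {dst}:{port}: {verdict} ({why})")
```

Running it shows that only the printer and discovery flows pass the Table 69-2 rule, while the same SMB flow is allowed once the Any Any Local LAN Access rule is in place.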