How can I configure Linux Server Firewall for Cisco AnyConnect?


This document provides instructions for configuring a Linux server's firewall rules to allow connections via Cisco AnyConnect.

You should already have an internal firewall zone that restricts access to services (ssh being the most relevant example of a service limited to internal sources) to hosts on your own VLAN. This zone is already present on all Technology Solutions-managed systems. If you manage your own system and have not yet set one up, create a zone called 'internal' like this:

sudo firewall-cmd --new-zone=internal --permanent

Note that firewalld ships with a predefined zone named internal, so on a stock installation this command reports a name conflict; in that case the zone already exists and you can go straight to the next step.

Then run the following command to restrict source traffic to your own VLAN:

sudo firewall-cmd --add-source=10.0.0.0/8 --zone=internal --permanent

Once your internal zone is set up, add the UIC VPN IP address range. AnyConnect clients are then treated like hosts on your VLAN and can reach the same restricted services, so only add this range if that is what you intend:

sudo firewall-cmd --add-source=172.22.0.0/16 --zone=internal --permanent

Finally, reload the firewall so the new rules take effect (rules added with --permanent are not active until you reload):

sudo firewall-cmd --reload
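After the reload, it is worth confirming that a VPN client address is actually matched by the zone's sources. The POSIX sh check below is an added example, not part of this article or of firewalld: it takes the source list as printed by `firewall-cmd --zone=internal --list-sources` (a constructed sample is embedded) and tests whether a given IPv4 address falls inside any of the listed prefixes; the function names are my own.

```sh
#!/bin/sh
# Added example: check whether an IPv4 address is covered by a firewalld
# zone's source list. Not part of the original article or of firewalld.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when address $1 lies inside the IPv4 prefix $2 (e.g. 172.22.0.0/16).
ip_in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    # A /0 prefix matches every address; otherwise compare the top $bits bits.
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# $1: the zone's source list as printed by
#     firewall-cmd --zone=internal --list-sources
# $2: the client address to check.
# Returns 0 if any IPv4 source entry covers the address, 1 otherwise.
zone_covers_ip() {
    for src in $1; do
        case $src in
            *:*)       continue ;;        # IPv6, MAC and ipset: entries are skipped here
            */*)       cidr=$src ;;
            *.*.*.*)   cidr="$src/32" ;;  # a bare host address
            *)         continue ;;
        esac
        ip_in_cidr "$2" "$cidr" && return 0
    done
    return 1
}

# Constructed sample matching the sources this article's rules add.
SAMPLE_SOURCES="10.0.0.0/8 172.22.0.0/16"

# Live use: zone_covers_ip "$(sudo firewall-cmd --zone=internal --list-sources)" 172.22.5.10
if zone_covers_ip "$SAMPLE_SOURCES" 172.22.5.10; then
    echo "172.22.5.10 is covered by the internal zone"
fi
```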

Details

Article ID: 919
Created: Fri 1/15/21 6:15 PM
Modified: Wed 8/17/22 3:03 PM
