02-25-2008 02:32 AM - edited 02-21-2020 03:34 PM
Hi all, we run remote access and site to site vpn on my asa, my question is Can I create an access list for the site to site tunnel, but still leave the remote access vpn to bypass the access list via the sysopt command, or if I turn this off will it affect both site to site and remote access vpn ?
02-25-2008 05:40 AM
If you turn off sysopt conn permit-vpn it will apply to both your site to site and remote access vpn...all ipsec traffic. You would have to use a vpn-filter for the site to site tunnel if you wanted to leave the sysopt in there.
02-25-2008 06:23 AM
is this done under the group policy ?
02-25-2008 06:36 AM
Yes.
group-policy
vpn-filter value
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide