ASA5510 7.2 ipsec-filter all data flow

Unanswered Question

Hi,

I want to limit incoming traffic from a remote tunnel; I do this via a group-policy mapped to an ACL and to a tunnel-group.

For example:

local: 192.168.1.0 255.255.255.0

remote: 192.168.2.0 255.255.255.0

access-list inside permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-group inside in interface inside

access-list tunnel-data permit tcp 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 80

group-policy tunnelpol attributes
 vpn-filter value tunnel-data

tunnel-group tunnelgrp general-attributes
 default-group-policy tunnelpol

sysopt connection permit-vpn

No data flows; I get the error: Deny inbound tcp 80 src inside 192.168.1.1 to 192.168.2.1 on interface inside

If I add this: access-list tunnel-data permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0, all traffic flows in both directions, but I only want to allow ALL from local to remote and only TCP 80 from remote to local.

Statefully, everything should flow (ACKs from remote), but SYNs only from the source.
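Added example, not from the post and not Cisco code: a small Python model of how the ASA evaluates a vpn-filter ACL, assuming (following Cisco's vpn-filter documentation) that ACEs are written with the remote network as source and the local network as destination, and that packets about to enter the tunnel are matched with source and destination swapped. The flows, ACL names and addresses below are constructed; it shows why the posted filter denies a locally initiated connection to port 80 and why a "permit ip" entry opens both directions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional
# Constructed model (added here, not from the post) of ASA vpn-filter evaluation.
# Assumption, following Cisco's vpn-filter documentation: ACEs are written with the
# REMOTE network as source and the LOCAL network as destination; decrypted traffic is
# matched as written, traffic about to enter the tunnel is matched with source and
# destination (addresses and ports) swapped. Implicit deny at the end of the ACL.

@dataclass
class Ace:
    proto: str                   # "ip" or "tcp"
    src: str                     # remote network (CIDR)
    dst: str                     # local network (CIDR)
    sport: Optional[int] = None  # "eq N" on the source side, None = any
    dport: Optional[int] = None  # "eq N" on the destination side, None = any

@dataclass
class Flow:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    from_tunnel: bool            # True: remote->local (post-decrypt), False: local->remote

def ace_matches(ace: Ace, proto: str, src: str, dst: str, sport: int, dport: int) -> bool:
    if ace.proto != "ip" and ace.proto != proto:
        return False
    in_src = ipaddress.ip_address(src) in ipaddress.ip_network(ace.src)
    in_dst = ipaddress.ip_address(dst) in ipaddress.ip_network(ace.dst)
    return in_src and in_dst and ace.sport in (None, sport) and ace.dport in (None, dport)

def vpn_filter_permits(acl: List[Ace], f: Flow) -> bool:
    """First-match evaluation of a vpn-filter ACL against one packet of a flow."""
    if f.from_tunnel:
        args = (f.src, f.dst, f.sport, f.dport)
    else:  # outbound: the ASA checks the packet with both ends swapped
        args = (f.dst, f.src, f.dport, f.sport)
    return any(ace_matches(a, f.proto, *args) for a in acl)

# Constructed test flows; remote is 192.168.2.0/24 and local 192.168.1.0/24 as in the post
R2L_HTTP = Flow("tcp", "192.168.2.1", "192.168.1.1", 40000, 80, True)   # remote -> local:80
L2R_HTTP = Flow("tcp", "192.168.1.1", "192.168.2.1", 40000, 80, False)  # local -> remote:80
R2L_SSH = Flow("tcp", "192.168.2.1", "192.168.1.1", 40000, 22, True)    # remote -> local:22
POSTED = [Ace("tcp", "192.168.2.0/24", "192.168.1.0/24", dport=80)]     # filter from the post
OPEN_ALL = [Ace("ip", "192.168.2.0/24", "192.168.1.0/24")]               # "permit ip" variant
L2R_ONLY = [Ace("tcp", "192.168.2.0/24", "192.168.1.0/24", sport=80)]   # remote eq 80 -> local

def evaluate(acl: List[Ace]) -> dict:
    flows = (("r2l_http", R2L_HTTP), ("l2r_http", L2R_HTTP), ("r2l_ssh", R2L_SSH))
    return {name: vpn_filter_permits(acl, fl) for name, fl in flows}
```

Running evaluate() on a proposed filter before pushing it to the ASA shows which intended flows it permits in each direction; the L2R_ONLY form (port on the remote side) is the one that lets local hosts initiate to remote port 80 without opening remote-initiated connections.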
