ASA5510 7.2 ipsec-filter all data flow

Unanswered Question


I want to limit incoming traffic from a remote tunnel; I do this via a group-policy mapped to an ACL and to a tunnel-group.

For example:

access-list inside permit ip
access-group inside in interface inside
access-list tunnel-data permit tcp eq 80
group-policy tunnelpol att vpn-filter tunnel-data
tunnel-group tunnelgrp gen default-group-policy tunnelpol
sysopt connection permit-vpn

No data flows; I get the error: Deny inbound tcp 80 src inside to on interface inside

If I add this: access-list tunnel-data permit ip, all traffic flows in both directions, but I only want to allow ALL from local to remote and only TCP 80 from remote to local.

Stateful, everything should flow (ACKs from remote), but SYNs only from the SOURCE.
