
ASA Remote Access VPN with ACLs

jmprats
Level 4

Hi, I'm trying to configure ACLs to restrict the network access for remote access users (L2TP/IPsec VPN).

I'm applying a vpn-filter to the group policy:

group-policy DfltGrpPolicy attributes

wins-server value 192.168.128.19

dns-server value 192.168.128.19

vpn-filter value VPN

If I put a "permit ip any any" statement in the VPN filter, I can connect correctly through the VPN connection. But if I delete the permit ip any any and limit the access to some servers and ports, I can't establish the VPN connection, so it looks like this filter works before establishing the connection.

I can't see anything in the ASA log

Some help?

What ACLs do I need? How can I restrict the network access?

Thanks

1 Reply

vkapoor5
Level 5

This document describes the procedure to use PIX/ASA to configure VPN filter in L2L and Remote Access with Cisco VPN Client.

Filters consist of rules that determine whether to allow or reject tunneled data packets that come through the security appliance, based on criteria such as source address, destination address, and protocol. You configure ACLs to permit or deny various types of traffic for this group policy. You can also configure this attribute in username mode, in which case, the value configured under username supersedes the group-policy value.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml
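
A sketch of the kind of filter the reply describes, as an added example that is not from this thread or from the linked Cisco document. The client pool 10.99.0.0/24, the file server 192.168.128.20, the user `jdoe` and the ACL name `VPN-JDOE` are assumptions; 192.168.128.19 and the ACL name `VPN` come from the question.

```cisco
! Added example with assumed values (see lead-in).
!
! vpn-filter entries are written from the tunnel's inbound point of view:
!   source      = address assigned to the remote VPN client
!   destination = host or network behind the ASA
! The filter is stateful, so return traffic for a permitted flow is allowed.
access-list VPN extended permit udp 10.99.0.0 255.255.255.0 host 192.168.128.19 eq domain
access-list VPN extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.128.19 eq domain
access-list VPN extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.128.20 eq 445
! Anything not permitted above falls through to the implicit deny.
!
! Group-wide filter, as in the question.
group-policy DfltGrpPolicy attributes
 vpn-filter value VPN
!
! Per-user filter: the value set in username mode supersedes the
! group-policy value for this user only.
access-list VPN-JDOE extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.128.20 eq 3389
username jdoe attributes
 vpn-filter value VPN-JDOE
```

The hit counters in `show access-list VPN` show which entries tunneled traffic is actually matching.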
