thanks for the quick response - i'll have a look at this and post back.

andy

hi

am also having same query ; however the link provided by you is for RA VPN

Regards

Ankur

It is the same process for L2L.

created a group policy with a vpn filter and applied this to my tunnel group - can now control traffic in tunnel - thanks for the help.

andy

andy

can u please let me know the commands (of VPN Filter , tunnel-group , group-policy as well as crypto acl )which you gave for the L2L VPN .

hello

i actually setup the group policy using the SDM GUI (on an ASA 5550 running 7.2(3)) but the running config shows the following:-

For the VPN filter the cmds are:

access-list CONTRACTORS_VPN_FILTER extended permit tcp B.B.B.B 255.255.255.0 object-group LOCAL_IPS object-group PERMITTED_PORTS

where CONTRACTORS_VPN_FILTER is the name I gave to the filter, B.B.B.B is the contractors internal network, LOCAL_IPS is an object group I created containing the local ips that the contractor can access and PERMITTED_PORTS is a service group contating the permitted tcp ports.

For the Group policy the cmds are:

group-policy CONTRACTORS internal

group-policy CONTRACTORS attributes

vpn-filter value CONTRACTORS_VPN_FILTER

where CONTRACTORS is the name I gave to the policy and CONTRACTORS_VPN_FILTER is the VPN filter created earlier. When I created the policy through SDM all the other attributes were set to “inherit” so I changed those to match our default policy.

To apply the group policy to my already created tunnel the cmds are:

tunnel-group X.X.X.X general-attributes

default-group-policy CONTRACTORS

Where X.X.X.X is the contractors peer IP address and CONTRACTORS is the policy created earlier.

That's the config but it was a lot easier using SDM.

Cheers

Andy