ASA 5520 and a single VPN question

Unanswered Question
Jul 4th, 2008
User Badges:


Simple question, so sorry for the description.

I could.nt find where this would appear in the CLI, but on our ASA 5520's ASDM console if I go to Monitoring > VPN Statistsics > Sessions > Filter by Site-to-Site > Select a VPN and choose details > within details there is a ACL tab.

Mine says "ACLs are not being applied to this session"

Think is I have "no sysopt connection permit-vpn" on my config so I have had to create many ACE's within the default ACL's. So should I be worried?

Thing is I know ACL's/ACE's are in use because if I disable them then the traffic stops flowing over the VPN.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
a.alekseev Fri, 07/04/2008 - 08:09
User Badges:
  • Gold, 750 points or more

by the way, if you use ASDM it's usefull to see real commands before applying them.

whiteford Fri, 07/04/2008 - 11:11
User Badges:

Where do I find that looks great?

What are filters in a nut shell then? Is it another way of firewalling VPN traffic? If so I do prefer the ACE method I have done.

a.alekseev Fri, 07/04/2008 - 23:50
User Badges:
  • Gold, 750 points or more

tools -> preferences

these filters are ACLs for traffic going within IPsec tunnel.

whiteford Sat, 07/05/2008 - 00:11
User Badges:


I have done tools -> preferences thanks.

Are filters better than the way I'm doing it by controling traffic by ACE's in the Inside and Outside ACL/Interfaces of the ASA?


This Discussion