ASA 5520 and a single VPN question

whiteford
Level 1

Hi,

Simple question, so sorry for the description.

I couldn't find where this would appear in the CLI, but on our ASA 5520's ASDM console if I go to Monitoring > VPN Statistics > Sessions > Filter by Site-to-Site > Select a VPN and choose details > within details there is an ACL tab.

Mine says "ACLs are not being applied to this session"

Thing is I have "no sysopt connection permit-vpn" in my config so I have had to create many ACEs within the default ACLs. So should I be worried?

Thing is I know ACLs/ACEs are in use because if I disable them then the traffic stops flowing over the VPN.

Thanks

5 Replies

a.alekseev
Level 7

I think you are speaking about the "vpn-filter" command inside the group-policy.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpngrp.html#wp1134191

a.alekseev
Level 7

By the way, if you use ASDM it's useful to see the real commands before applying them.

Where do I find that? Looks great.

What are filters in a nutshell then? Is it another way of firewalling VPN traffic? If so I do prefer the ACE method I have done.

Tools -> Preferences

These filters are ACLs for traffic going within the IPsec tunnel.

Hi,

I have done tools -> preferences thanks.

Are filters better than the way I'm doing it by controlling traffic by ACEs in the Inside and Outside ACLs/Interfaces of the ASA?
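
The two mechanisms discussed in this thread, side by side, as an added configuration sketch that is not taken from any poster's device. All names (`outside_access_in`, `SITE-B-FILTER`, `SITE-B-GP`), the networks and the peer address are constructed placeholders.

```text
! Constructed example: local LAN 10.1.0.0/24, remote LAN 10.2.0.0/24,
! remote peer 203.0.113.10. Names are hypothetical.

! Approach A (the original poster's): decrypted VPN traffic is checked
! against the interface ACLs, because the default bypass is turned off.
no sysopt connection permit-vpn
access-list outside_access_in extended permit tcp 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0 eq 443
access-group outside_access_in in interface outside

! Approach B: a per-tunnel filter attached through the group-policy.
! In a vpn-filter ACL the remote network is always written as the source
! and the local network as the destination.
access-list SITE-B-FILTER extended permit tcp 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0 eq 443
group-policy SITE-B-GP internal
group-policy SITE-B-GP attributes
 vpn-filter value SITE-B-FILTER
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy SITE-B-GP
```

With only approach A configured, no vpn-filter is attached to the session even though the interface ACEs are still enforced on the decrypted traffic. A vpn-filter is applied when the session is established, so a change to it takes effect once the tunnel is re-established.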
