07-04-2008 07:17 AM
Hi,
Simple question, so sorry for the description.
I couldn't find where this would appear in the CLI, but on our ASA 5520s' ASDM console if I go to Monitoring > VPN Statistics > Sessions > Filter by Site-to-Site > Select a VPN and choose details > within details there is an ACL tab.
Mine says "ACLs are not being applied to this session"
Thing is, I have "no sysopt connection permit-vpn" in my config, so I have had to create many ACEs within the default ACLs. So should I be worried?
Thing is, I know ACLs/ACEs are in use because if I disable them then the traffic stops flowing over the VPN.
Thanks
07-04-2008 07:48 AM
I think you are speaking about the "vpn-filter" command inside the group-policy
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpngrp.html#wp1134191
07-04-2008 08:09 AM
07-04-2008 11:11 AM
Where do I find that? Looks great.
What are filters in a nutshell then? Is it another way of firewalling VPN traffic? If so I do prefer the ACE method I have done.
07-04-2008 11:50 PM
Tools -> Preferences
These filters are ACLs for traffic going within the IPsec tunnel.
07-05-2008 12:11 AM
Hi,
I have done Tools -> Preferences, thanks.
Are filters better than the way I'm doing it, by controlling traffic by ACEs in the Inside and Outside ACLs/interfaces of the ASA?