Is there a way to set up an IPsec tunnel for a certain group only on a predefined interface? And how?
ISAKMP must be enabled on all interfaces, because I have tunnels on all interfaces.
Well, you can remove the sysopt connection permit-vpn command and allow VPNs through ACL only. This command bypasses the ACL check for firewall-terminated crypto traffic; it's enabled by default. Disable this, and allow each SPECIFIC IP access to a specific crypto interface. Or deny some and allow others (this would especially be true on the outside).
ASA 8.1 added support for NetFlow, but only on the higher-end models (5580-XX). Maybe we will see it in the future on other models as well.