Allow/Deny Ports over site2site vpn

Unanswered Question
Jan 23rd, 2009

Hi All,

I'm in the planning stages of setting up a site2site VPN between my ASA 5520 and the business partner's Check Point NGX60.

His config sheet specifies allowed ports (ICMP/HTTP) to traverse the VPN, in addition to the IPs/interesting traffic. Can I do the same with the ASA?


ggilbert Sat, 01/24/2009 - 07:04


Yes - you can do that using the command called vpn-filter under the group-policy.

What you need to do is:

a. Create a specific group-policy

b. Create a specific vpn-filter & the access-list

c. Apply the filter to the group-policy

d. Apply the group-policy to the tunnel-group.

Hope this helps.
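
Steps a to d above as an ASA configuration sketch, added here as an example and not part of the original reply. The names VPN-FILTER-PARTNER and GP-PARTNER, the peer address 203.0.113.10 and both subnets are constructed placeholders; the direction of the HTTP rule (partner reaching a local web server) is an assumption, since the thread does not say which side initiates.

```cisco
! Constructed placeholders (not from the thread):
!   local (ASA side) network : 10.10.0.0/24
!   remote (partner) network : 10.20.0.0/24
!   partner VPN peer address : 203.0.113.10
!
! Step b: ACL used only as a vpn-filter.
! In a vpn-filter ACL the REMOTE network is always written in the source
! position and the LOCAL network in the destination position, whichever
! side opens the connection.
access-list VPN-FILTER-PARTNER extended permit icmp 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0
! Partner hosts may open HTTP to local servers (assumed direction).
access-list VPN-FILTER-PARTNER extended permit tcp 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0 eq www
! For the opposite direction (local hosts opening HTTP to the partner),
! the port moves to the remote side of the entry:
! access-list VPN-FILTER-PARTNER extended permit tcp 10.20.0.0 255.255.255.0 eq www 10.10.0.0 255.255.255.0
! Everything else is dropped by the implicit deny at the end of the ACL.
!
! Step a: dedicated group-policy for this tunnel.
group-policy GP-PARTNER internal
group-policy GP-PARTNER attributes
 ! Step c: attach the filter to the group-policy.
 vpn-filter value VPN-FILTER-PARTNER
!
! Step d: bind the group-policy to the L2L tunnel-group for the peer.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy GP-PARTNER
```

The filter applies to traffic in both directions of the tunnel, so an entry ending in `eq www` also matches local hosts that send from source port 80; keep the entries as narrow as the partner's config sheet allows and do not reuse this ACL as an interface access-group. A changed vpn-filter takes effect only once the tunnel has been re-established.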



