vpn-filter not working

Unanswered Question
Apr 2nd, 2009
User Badges:


We have several EZVPN clients connecting to a ASA server. The remote hosts can access all devices behind the ASA. I have added filters to user profile and group polies but they dont work. Here is partial configuration from the ASA:

object-group network Blue

description Blue

network-object host

network-object host

access-list Blue-2 extended permit ip object-group Blue host

access-list Blue-2 extended deny ip any any

access-list Blue-2 extended deny icmp any any

username test password *

username test attributes

vpn-group-policy testpolicy

vpn-filter value Blue-2

password-storage enable

tunnel-group testprofile type remote-access

tunnel-group testprofile general-attributes

address-pool Pool1

default-group-policy testpolicy

tunnel-group testprofile ipsec-attributes

pre-shared-key *

Any help will be much appreciated.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Thu, 04/02/2009 - 16:53
User Badges:
  • Blue, 1500 points or more

have you verified users are getting assigned the correct group-policy and not the default one.

show vpn-sessiondb detail


This Discussion