vpn-filter not working

Unanswered Question
Apr 2nd, 2009
User Badges:

Hi,


We have several EZVPN clients connecting to a ASA server. The remote hosts can access all devices behind the ASA. I have added filters to user profile and group polies but they dont work. Here is partial configuration from the ASA:



object-group network Blue

description Blue

network-object host 192.168.5.31

network-object host 192.168.5.32


access-list Blue-2 extended permit ip object-group Blue host 10.10.10.100

access-list Blue-2 extended deny ip any any

access-list Blue-2 extended deny icmp any any


username test password *

username test attributes

vpn-group-policy testpolicy

vpn-filter value Blue-2

password-storage enable



tunnel-group testprofile type remote-access

tunnel-group testprofile general-attributes

address-pool Pool1

default-group-policy testpolicy

tunnel-group testprofile ipsec-attributes

pre-shared-key *

Any help will be much appreciated.

Thanks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srue Thu, 04/02/2009 - 16:53
User Badges:
  • Blue, 1500 points or more

have you verified users are getting assigned the correct group-policy and not the default one.

show vpn-sessiondb detail

Actions

This Discussion