04-02-2009 01:49 PM - edited 02-21-2020 04:12 PM
Hi,
We have several EZVPN clients connecting to a ASA server. The remote hosts can access all devices behind the ASA. I have added filters to user profile and group polies but they dont work. Here is partial configuration from the ASA:
object-group network Blue
description Blue
network-object host 192.168.5.31
network-object host 192.168.5.32
access-list Blue-2 extended permit ip object-group Blue host 10.10.10.100
access-list Blue-2 extended deny ip any any
access-list Blue-2 extended deny icmp any any
username test password *
username test attributes
vpn-group-policy testpolicy
vpn-filter value Blue-2
password-storage enable
tunnel-group testprofile type remote-access
tunnel-group testprofile general-attributes
address-pool Pool1
default-group-policy testpolicy
tunnel-group testprofile ipsec-attributes
pre-shared-key *
Any help will be much appreciated.
Thanks
04-02-2009 04:53 PM
have you verified users are getting assigned the correct group-policy and not the default one.
show vpn-sessiondb detail
04-03-2009 08:21 AM
Thanks for the reply.
I verified the group policy. It is correct.
The behaviour I am seeing is similar to the one in bug ID CSCse96559. In my case I am running the latest code.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide