I am using a Cisco ASA 5510 as my organization's firewall, which we purchased a few days ago. I have created an IPSec Remote Access VPN with it. My branch office is located in another city, which I need to connect to it through the VPN.
I have configured my IPSec VPN on the ASA with all the policies I need, and at the client end I installed the Cisco VPN Client SW. Now I can connect to my VPN server (ASA) from my branch office. I am also getting an IP address from the pool which I allocated during setup of the VPN.
Public IP configured on my ASA (outside): 22.214.171.124
Inside IP: 10.10.4.11
My local network is running on 10.10.x.x 255.255.0.0
VPN client pool is 10.10.21.1-10.10.21.15 255.255.255.240
I want to apply an ACL to my VPN traffic, which I need to restrict in the sense that I don't want my VPN users to access any resource in my head office except 2 web applications and 1 SW application.
Initially, I can ping from the head office to the branch office and vice versa after the VPN is connected, with no ACLs configured.
Now my question is: in what way do I need to apply the ACL between my outside and inside users? I tried to apply an ACL, but still all my resources are available to the 10.10.21.0 users.
access-list 101 deny tcp 10.10.21.0 255.255.255.240 10.10.2.11 255.255.255.255 eq http
access-group 101 in interface outside
This is the ACL which I have applied on my outside interface, but after that I can still access 10.10.2.11 from my branch office.
Can anyone help me out?
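The reason an interface ACL like the one above has no visible effect is that the ASA enables `sysopt connection permit-vpn` by default, which lets decrypted IPsec traffic bypass the interface ACLs entirely. The configuration below is an added example, not the poster's config or a Cisco reference, showing the two usual ways to restrict remote-access users to a handful of inside hosts. The group-policy name `RA_POLICY`, the tunnel-group name `RA_VPN`, the ACL name `VPN_FILTER` and the application hosts 10.10.2.12 and 10.10.3.20 (port 8080) are assumed placeholders; the pool and 10.10.2.11 come from the post. A vpn-filter ACL is written with the VPN client as source and the inside host as destination, which is the direction Cisco documents for vpn-filter; the ASA's stateful inspection allows the return traffic.

```cisco
! Added example (not the poster's config). Names RA_POLICY, RA_VPN,
! VPN_FILTER and the hosts 10.10.2.12 / 10.10.3.20:8080 are placeholders.

! Option A: make interface ACLs apply to decrypted VPN traffic.
! After this, the inbound ACL on "outside" needs explicit permits for
! the allowed hosts, since an ACL with only a deny ends in implicit deny.
no sysopt connection permit-vpn

! Option B (preferred): a per-group vpn-filter, independent of the
! interface ACL and of the sysopt setting.
! Source = VPN client pool, destination = allowed inside host/port.
access-list VPN_FILTER extended permit tcp 10.10.21.0 255.255.255.240 host 10.10.2.11 eq 80
access-list VPN_FILTER extended permit tcp 10.10.21.0 255.255.255.240 host 10.10.2.12 eq 443
access-list VPN_FILTER extended permit tcp 10.10.21.0 255.255.255.240 host 10.10.3.20 eq 8080
! Everything else from the pool, including ICMP to the head office, hits the
! implicit deny at the end of the filter.

group-policy RA_POLICY attributes
 vpn-filter value VPN_FILTER

tunnel-group RA_VPN general-attributes
 default-group-policy RA_POLICY

! Verification after a client reconnects (the filter is applied at tunnel setup):
show running-config sysopt
show access-list VPN_FILTER
show vpn-sessiondb remote filter name <username>
```

Hit counts in `show access-list VPN_FILTER` should increase as a client uses the permitted applications; a ping from the branch office to any other inside host should now fail. If the web applications use host names, add permits for the DNS server on UDP/TCP 53 as well, or the clients will resolve nothing.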