Filter on VPN Concentrator 3000

Unanswered Question
Apr 15th, 2010


I am creating a VPN tunnel between an ASA and a Cisco VPN Concentrator 3000. I have control of the VPN Concentrator.

I have allowed IP traffic for the interesting traffic on the tunnel. I am looking for an ACL filter on the tunnel in the inbound direction. Our network is on 20.x.x.x and the client ASA network is 10.x.x.x.

I am a little bit confused with the Concentrator. I have allowed the inbound subnet 10.x.x.x to reach our network 20.x.x.x on port 80. Should I allow the reverse traffic in the outbound direction also? Please help.

Federico Coto F... Thu, 04/15/2010 - 11:20


Under the group you create the appropriate filter to allow only the desired traffic.

How have you set it up?

What's the result? The filter is not working?


Rupesh Kashyap Thu, 04/15/2010 - 11:47

I have allowed interesting traffic with whole IP for the source and destination subnets; that is OK. This is not my concern. So there is no problem in the tunnel configuration.

I am looking for a filter such that the remote network 10.x.x.x can only browse our network 20.x.x.x for HTTP requests. I have applied the filter in the inbound direction. My concern is, should I open reverse traffic in the outbound direction also?

Federico Coto F... Thu, 04/15/2010 - 12:06

It's been a while since the last concentrator, but I remember that you should permit HTTP in both directions.

So, you create an inbound and outbound filter to allow the web transactions between those IPs.

Have you tested the filter already?


Rupesh Kashyap Thu, 04/15/2010 - 12:10

So one ACL will be:

INBOUND -- source 10.x.x.x, source port any, destination 20.x.x.x, destination port 80

OUTBOUND -- source 20.x.x.x, source port 80, destination 10.x.x.x, destination port any
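
Added example (not part of the original thread and not Cisco code): a small model of the two rules above, assuming the filter is evaluated per packet with no connection state, as the reply about permitting HTTP in both directions implies. It goes one step beyond the thread by also showing a return rule restricted to segments with ACK set; the `established` field, the /8 networks standing in for 10.x.x.x and 20.x.x.x, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = None  # wildcard port

@dataclass(frozen=True)
class Rule:
    src: str                    # source network (CIDR)
    sport: object               # source port, or ANY
    dst: str                    # destination network (CIDR)
    dport: object               # destination port, or ANY
    established: bool = False   # assumption: if True, match only segments with ACK set

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False           # TCP ACK flag; False on the first SYN of a connection

def matches(rule, pkt):
    in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
    return (in_net(pkt.src, rule.src) and in_net(pkt.dst, rule.dst)
            and rule.sport in (ANY, pkt.sport)
            and rule.dport in (ANY, pkt.dport)
            and (pkt.ack or not rule.established))

def permitted(rules, pkt):
    """Stateless evaluation: any matching rule permits, otherwise drop."""
    return any(matches(r, pkt) for r in rules)

# The two rules from the thread, plus a tighter variant of the return rule.
INBOUND = [Rule("10.0.0.0/8", ANY, "20.0.0.0/8", 80)]
OUTBOUND = [Rule("20.0.0.0/8", 80, "10.0.0.0/8", ANY)]
OUTBOUND_EST = [Rule("20.0.0.0/8", 80, "10.0.0.0/8", ANY, established=True)]

# Constructed sample packets.
syn = Packet("10.1.1.5", 40000, "20.1.1.10", 80)                 # client request
syn_ack = Packet("20.1.1.10", 80, "10.1.1.5", 40000, ack=True)   # server reply
new_from_80 = Packet("20.1.1.10", 80, "10.1.1.5", 22)            # not a reply: no ACK

def http_works(inbound, outbound):
    """HTTP needs the request permitted inbound and the reply permitted outbound."""
    return permitted(inbound, syn) and permitted(outbound, syn_ack)

if __name__ == "__main__":
    print("inbound rule only:        ", http_works(INBOUND, []))
    print("inbound + outbound:       ", http_works(INBOUND, OUTBOUND))
    print("outbound passes non-reply:", permitted(OUTBOUND, new_from_80))
    print("established-only passes:  ", permitted(OUTBOUND_EST, new_from_80))
```

With a stateless filter the inbound rule alone drops the server's replies, and a return rule keyed only on source port 80 also matches traffic that is not a reply, which is why the ACK-restricted variant is the narrower choice where the device supports it.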

