Filter on VPN Concentrator 3000

Rupesh Kashyap
Level 1

Hi,

I am creating a VPN tunnel between an ASA and a Cisco VPN Concentrator 3000. I have control of the VPN Concentrator.

I have allowed the IP traffic for interesting traffic on the tunnel. I am looking for an ACL filter on the tunnel in the inbound direction. Our network is 20.x.x.x and the client ASA network is 10.x.x.x.

I am a little bit confused with the Concentrator. I have allowed the inbound subnet 10.x.x.x to reach our network 20.x.x.x on Port-80. Should I allow the reverse traffic towards outbound also? Please help.


Hi,

Under the group you create the appropriate filter to allow only the desired traffic.

How have you set it up?

What's the result? The filter is not working?

Federico.

I have allowed interesting traffic with whole IP for the source and destination subnets; that is OK. This is not my concern. So there is no problem in the tunnel configuration.

I am looking for filter like remote network 10.x.x.x can only browse our network 20.x.x.x for http request. I have applied filter on inbound direction. My concern is, should I open reverse traffic on outbound direction also?

It's been a while since the last concentrator, but I remember that you should permit http on both directions.

So, you create an inbound and outbound filter to allow the web transactions between those IPs.

Have you tested the filter already?

Federico.

So one ACL will be INBOUND -- source 10.x.x.x, source port any, destination 20.x.x.x, destination port 80

OUTBOUND -- source 20.x.x.x, source port 80, destination 10.x.x.x, destination port any
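
The two rules from the last post, modeled as an added example (not from the thread and not the concentrator's own configuration). It assumes the filter is stateless with a default drop; the subnets, host addresses, ports and the `established` option are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed stand-ins for the thread's 10.x.x.x (remote) and 20.x.x.x (local).
REMOTE = ip_network("10.1.1.0/24")
LOCAL = ip_network("20.1.1.0/24")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False  # True for every TCP segment after the initial SYN

@dataclass(frozen=True)
class Rule:
    src: object
    sport: Optional[int]        # None = any port
    dst: object
    dport: Optional[int]
    established: bool = False   # hypothetical option: match only segments with ACK set

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src and ip_address(p.dst) in self.dst
                and self.sport in (None, p.sport) and self.dport in (None, p.dport)
                and (p.ack or not self.established))

def permitted(rules, p):
    """Stateless filter: forward only on an explicit match, otherwise drop."""
    return any(r.matches(p) for r in rules)

INBOUND = [Rule(REMOTE, None, LOCAL, 80)]
OUTBOUND = [Rule(LOCAL, 80, REMOTE, None)]
OUTBOUND_EST = [Rule(LOCAL, 80, REMOTE, None, established=True)]

def check():
    syn = Packet("10.1.1.5", 40000, "20.1.1.10", 80)
    syn_ack = Packet("20.1.1.10", 80, "10.1.1.5", 40000, ack=True)
    stray = Packet("20.1.1.10", 80, "10.1.1.5", 5000)  # new connection, not a reply
    return {
        "request_in": permitted(INBOUND, syn),
        "reply_without_outbound_rule": permitted([], syn_ack),
        "reply_with_outbound_rule": permitted(OUTBOUND, syn_ack),
        "stray_syn_plain_rule": permitted(OUTBOUND, stray),
        "stray_syn_established_rule": permitted(OUTBOUND_EST, stray),
    }
```

In this model the reply is dropped unless the outbound rule exists, and the plain source-port-80 rule also forwards a new connection that is not a reply, which an established-only match would drop.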