that`s correct, but I would never use "any" config you have used :
access-list 110 permit ip 192.168.195.0 0.0.0.255 any
In my case I have 2 LAN networks :
and my vpn clients have the ip pool:
So I created the ACL as below :
ip access-list extended ACL_CRYPTO_VPN_CLIENTS
deny ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
I denied access to VPN clients on the network 172.16.0.0 and permited them access to network 10.0.0.0.
You see? I have not used ANY because if You later add more than one LAN than is it more easy to handle the ACL, more easier to find out who have and who have not permission to access specified networks.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...