Hi, I'm trying to configure ACLs to restrict the network access for remote access users (L2TP/IPsec VPN).
I'm applying a vpn-filter to the group policy:
group-policy DfltGrpPolicy attributes
 wins-server value 192.168.128.19
 dns-server value 192.168.128.19
 vpn-filter value VPN
If I put a "permit ip any any" statement in the VPN filter I can connect correctly through the VPN connection. But if I delete the permit ip any any and limit the access to some servers and ports I can't establish the VPN connection, so it looks like this filter works before establishing the connection.
I can't see anything in the ASA log.
What ACLs do I need? How can I restrict the network access?
This document describes the procedure to use PIX/ASA to configure VPN filter in L2L and Remote Access with Cisco VPN Client.
Filters consist of rules that determine whether to allow or reject tunneled data packets that come through the security appliance, based on criteria such as source address, destination address, and protocol. You configure ACLs to permit or deny various types of traffic for this group policy. You can also configure this attribute in username mode, in which case, the value configured under username supersedes the group-policy value.
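An added example (not from the original posts or the Cisco document) of a restrictive vpn-filter for the remote-access client case the quoted document covers. The ACL name VPN and the server 192.168.128.19 come from the question; the client address pool 10.10.10.0/24 and the permitted ports are assumptions. In a vpn-filter ACL the remote (VPN client) addresses go in the source position and the protected inside hosts go in the destination position.

```cisco
! Constructed example: 10.10.10.0/24 stands in for the VPN client address pool
! Source = remote VPN clients, destination = inside server
access-list VPN extended permit udp 10.10.10.0 255.255.255.0 host 192.168.128.19 eq domain
access-list VPN extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.128.19 eq domain
access-list VPN extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.128.19 eq 3389
! Explicit final deny with logging, so dropped tunnel traffic shows up in syslog
access-list VPN extended deny ip any any log
!
group-policy DfltGrpPolicy attributes
 vpn-filter value VPN
```

After a test connection, `show access-list VPN` lists the hit count for each entry, which shows whether tunneled traffic is matching a permit line or falling through to the final deny.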
Log in to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...