Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Traffic to/from VPN tunnel to CSC (ASA)


I've got a few L2L VPN tunnels terminating on an ASA and I'd like to start getting traffic that flows from those tunnels to an internal server to go through the CSC for scanning first.

A policy map for traffic coming from the server to the VPN sites is simple enough: An ACL that matches the server's IP and the subnets at the other end of the VPN tunnels applied to the inside interface. I don't get how I'd match traffic coming from the tunnel going to the server (uploads, etc.). Where would I bind the policy map? I had hoped I could bind it to tunnels with a simple ACL that matches anything from the tunnel towards the server in question but I don't seem to be able to use a policy map on a tunnel.

Any ideas most welcome!

Everyone's tags (4)