Cisco Support Community
New Member

vpn-filter not working

Hi,

We have several EZVPN clients connecting to an ASA server. The remote hosts can access all devices behind the ASA. I have added filters to the user profile and group policies, but they don't work. Here is a partial configuration from the ASA:

object-group network Blue
 description Blue
 network-object host 192.168.5.31
 network-object host 192.168.5.32
access-list Blue-2 extended permit ip object-group Blue host 10.10.10.100
access-list Blue-2 extended deny ip any any
access-list Blue-2 extended deny icmp any any
username test password *
username test attributes
 vpn-group-policy testpolicy
 vpn-filter value Blue-2
 password-storage enable
tunnel-group testprofile type remote-access
tunnel-group testprofile general-attributes
 address-pool Pool1
 default-group-policy testpolicy
tunnel-group testprofile ipsec-attributes
 pre-shared-key *

Any help will be much appreciated.

Thanks

2 REPLIES
Gold

Re: vpn-filter not working

Have you verified users are getting assigned the correct group-policy and not the default one?

show vpn-sessiondb detail
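An added example (not part of the thread and not Cisco tooling) that does a similar check offline against the saved configuration: it reads the lines posted in the question, reports which vpn-filter applies to a user (attributes under the username take precedence over the group policy), and lists ACL entries that can never match because they follow an `ip any any` rule. It assumes sub-commands are indented by one space, as in `show running-config` output; the function names are illustrative.

```python
import re

# Lines taken from the configuration posted in the question (indentation restored).
POSTED_CONFIG = """\
access-list Blue-2 extended permit ip object-group Blue host 10.10.10.100
access-list Blue-2 extended deny ip any any
access-list Blue-2 extended deny icmp any any
username test attributes
 vpn-group-policy testpolicy
 vpn-filter value Blue-2
"""

def parse(config):
    """Collect ACL entries and the attributes set under each username / group-policy."""
    acls, attrs, section = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            section = None  # a top-level command closes the previous sub-mode
            if m := re.match(r"access-list (\S+) extended (.+)", line):
                acls.setdefault(m.group(1), []).append(m.group(2))
            elif m := re.match(r"(username|group-policy) (\S+) attributes", line):
                section = attrs.setdefault((m.group(1), m.group(2)), {})
        elif section is not None and (m := re.match(r"(vpn-group-policy|vpn-filter value) (\S+)", line)):
            section[m.group(1)] = m.group(2)
    return acls, attrs

def effective_filter(user, attrs):
    """User attributes win; otherwise fall back to the user's group policy."""
    u = attrs.get(("username", user), {})
    if "vpn-filter value" in u:
        return u["vpn-filter value"], "username attributes"
    gp = u.get("vpn-group-policy")
    g = attrs.get(("group-policy", gp), {})
    if "vpn-filter value" in g:
        return g["vpn-filter value"], f"group-policy {gp}"
    return None, "not set in the lines provided"

def shadowed_entries(aces):
    """Return 1-based positions of entries placed after an 'ip any any' rule, which matches first."""
    for i, ace in enumerate(aces):
        if re.fullmatch(r"(permit|deny) ip any any", ace):
            return list(range(i + 2, len(aces) + 1))
    return []

if __name__ == "__main__":
    acls, attrs = parse(POSTED_CONFIG)
    print(effective_filter("test", attrs), shadowed_entries(acls["Blue-2"]))
```

For the posted lines this reports Blue-2 as the filter for user test and flags the third entry (deny icmp any any) as unreachable, since deny ip any any already covers ICMP.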

New Member

Re: vpn-filter not working

Thanks for the reply.

I verified the group policy. It is correct.

The behaviour I am seeing is similar to the one in bug ID CSCse96559. In my case I am running the latest code.

http://supportwiki.cisco.com/ViewWiki/index.php/The_vpn-filter_command_does_not_restrict_access_on_a_PIX_Firewall/ASA_running_software_version_7.x_when_used_with_Cisco_IOS_12.x_EZVPN_clients
