I have a problem with vpn client access and local ip pool. In Pix version 6.3x when i created ip local pool an object was also created under Hosts/Network and there was no problem to give this object (ip pool) access outside_access_in , but
in my ASA 7.04 there are no object created under Hosts/Networks. I have tried to use a filter (Filter_Av_10) under "Group-Policy" but i can´t get any traffic trough (see configuration below). It´s only working when i give the network 10.1.1.0/25 (ip pool) access outside_access_in (in Security Policy), is this the right way to do this?.
Could someone please explain this to me.
access-list Inside_access_in extended permit ip any any
access-list Outside_access_in extended permit icmp any any echo-reply
access-list Outside_access_in extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
access-list Filter_Av_10 extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
access-list easyv_av_butiker_splitTunnelAcl standard permit 192.0.0.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip 192.0.0.0 255.255.255.0 10.1.1.0 255.255.255.128
global (Outside) 10 interface
global (DMZ) 10 interface
nat (DMZ) 10 126.96.36.199 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 192.0.0.0 255.255.255.0
access-group Outside_access_in in interface Outside
access-group DMZ_access_in in interface DMZ
access-group Inside_access_in in interface Inside
access-group management_access_in in interface management
group-policy easyv_av_butiker internal
group-policy easyv_av_butiker attributes
vpn-filter value Filter_Av_10
split-tunnel-network-list value easyv_av_butiker_splitTunnelAcl
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...