Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN3030 Group filter and Firewall Policy (CPP) filter - what's differences?


I am trying to push the firewall policy (CPP) to the client's personal firewall, Cisco Integrated Client. We are running V. 3.6 on the concentrator and the client.

I would like to know the differences between setting up the filter on the Group level (User Management/Groups/General) versus setting up the filter on the Firewall Policy (User Management/Groups/Client FW).

My intention is to restrict VPN users to only certain network segments base on on group membership. I already have the network lists setup. How should this be configured on the concentrator? I am not quite sure where the filter should be applied. We are also not allowing split tunneling.

Thank You

  • Other Security Subjects

Re: VPN3030 Group filter and Firewall Policy (CPP) filter - what

The idea is the same, they are filters for the group, or in the case of CPP for the client. However, the CPP only applies to microsoft clients. Another difference would be when you create the rules, the direction for general filter is relative to the concentrator, whereas for the CPP, the direction is relative to the client.

So if you want the rule to apply to all types client, then you want to use the general tab.


This widget could not be displayed.