Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
0
Helpful
1
Replies

ASA DAP

CGI-Europe
Level 1
Level 1

‎11-22-2011 07:31 AM

Hello, I have an internet facing ASA configured with an ACL on the outside interface.  The ACL allows access to my web facing services hosted in several DMZ's. 

The ASA is also configured for anyconnect remote access VPN.  My question is do I need to specify an ACE in the ACL bound to the outside interface allowing traffic in from the network range assigned to my Anyconnect clients or should the ACL's defined in my DAP's overide the ACL bound to the interface and allow the access to my internal services?

Thanks in advance for any help.

Labels:
0 Helpful
1 Reply 1

ajay chauhan
Level 7
Level 7

‎11-23-2011 08:36 AM

You do not need to configure any ACL rules on outside interface to allow VPN pool to communicate with Inside/DMZ. Just no-nat statements are required.

Thanks

Ajay

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents