Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco ASA 5520 8.3 w/ ASDM 6.4 Filter VPN Traffic to certain subnets

Hello,

I am trying to find documentation on filtering VPN traffic on a Cisco ASA 5520.  I have found limited documentation that seems to be more related to older versions or even "PIX" devices that doesn't seem to match up with what I have.  Basically I have 2 vendors that would like VPN access into my network for easier access to their devices.  Each Vendor has a specific Vlan they are assigned to so I wanted to just give them full access to that address range and nothing else.  Any help would be greatly appreciated.

Thanks

3 REPLIES

Cisco ASA 5520 8.3 w/ ASDM 6.4 Filter VPN Traffic to certain sub

Hello,

What kind of VPN are you going to use: Site to Site, remote access Ipsec or anyconnect?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

Cisco ASA 5520 8.3 w/ ASDM 6.4 Filter VPN Traffic to certain sub

Yes sorry, I am trying to setup a remote access session, most likely SSL/Anyconnect.

Super Bronze

Re: Cisco ASA 5520 8.3 w/ ASDM 6.4 Filter VPN Traffic to certain

Hi,

Theres atleast 3 ways to do what you are trying to achieve.

  • You can use split-tunneling to define the networks visible/usable for the remote user in the group-policy of the VPN connections.
  • You can use a VPN filter access-list to define what traffic you want to allow to the mentioned networks (if you dont want to allow all traffic)
  • You can make the ASA behave so that all connections coming from OUTSIDE interface will be checked against the OUTSIDE interface access-list (Even the VPN Client or L2L VPN connections). Personally I like to use this option

Do you have any existing VPN connections on the ASA at  the moment?

I dont have a link to the documentation at the moment, though I think I could find you one. I can also give you example configurations if you need.

- Jouni

594
Views
0
Helpful
3
Replies
CreatePlease to create content