Cisco ASA 5520 8.3 w/ ASDM 6.4 Filter VPN Traffic to certain subnets
I am trying to find documentation on filtering VPN traffic on a Cisco ASA 5520. I have found limited documentation that seems to be more related to older versions or even "PIX" devices, which doesn't seem to match up with what I have. Basically I have 2 vendors that would like VPN access into my network for easier access to their devices. Each vendor has a specific VLAN they are assigned to, so I wanted to just give them full access to that address range and nothing else. Any help would be greatly appreciated.
Re: Cisco ASA 5520 8.3 w/ ASDM 6.4 Filter VPN Traffic to certain
There are at least 3 ways to do what you are trying to achieve.
You can use split-tunneling to define the networks visible/usable for the remote user in the group-policy of the VPN connections.
You can use a VPN filter access-list to define what traffic you want to allow to the mentioned networks (if you don't want to allow all traffic).
You can make the ASA behave so that all connections coming from the OUTSIDE interface will be checked against the OUTSIDE interface access-list (even the VPN Client or L2L VPN connections). Personally I like to use this option.
Do you have any existing VPN connections on the ASA at the moment?
I don't have a link to the documentation at the moment, though I think I could find you one. I can also give you example configurations if you need.
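As an added example (not configuration from the original thread or from the poster), the split-tunnel plus vpn-filter approach from the reply above written in ASA 8.3 syntax for the two-vendor case; every name, pool and subnet is a constructed placeholder, and only Vendor A's group-policy is spelled out since Vendor B's is identical apart from the names.

```cisco
! Constructed example: one address pool per vendor (placeholder ranges)
ip local pool VENDOR-A-POOL 10.99.1.1-10.99.1.20 mask 255.255.255.0
ip local pool VENDOR-B-POOL 10.99.2.1-10.99.2.20 mask 255.255.255.0

! vpn-filter ACLs are evaluated with the remote client as the SOURCE and the
! internal network as the DESTINATION, and in 8.3+ they use real (un-NATed) IPs.
! The trailing deny is implicit anyway; it is written out with "log" so that
! blocked attempts show up in syslog for review.
access-list VENDOR-A-FILTER extended permit ip 10.99.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list VENDOR-A-FILTER extended deny ip any any log
access-list VENDOR-B-FILTER extended permit ip 10.99.2.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list VENDOR-B-FILTER extended deny ip any any log

! Split-tunnel lists: only the vendor's own VLAN is routed into the tunnel.
! This is a convenience for the client; the vpn-filter is what enforces access.
access-list VENDOR-A-SPLIT standard permit 10.10.10.0 255.255.255.0
access-list VENDOR-B-SPLIT standard permit 10.10.20.0 255.255.255.0

! Group policy for Vendor A (repeat with the -B names for Vendor B)
group-policy VENDOR-A-GP internal
group-policy VENDOR-A-GP attributes
 vpn-tunnel-protocol ipsec
 vpn-filter value VENDOR-A-FILTER
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VENDOR-A-SPLIT
 address-pools value VENDOR-A-POOL

! Tunnel group tying the vendor's connection profile to that policy
tunnel-group VENDOR-A type remote-access
tunnel-group VENDOR-A general-attributes
 address-pool VENDOR-A-POOL
 default-group-policy VENDOR-A-GP

! 8.3-style NAT exemption so VLAN A hosts answer the VPN pool untranslated
object network VENDOR-A-POOL-NET
 subnet 10.99.1.0 255.255.255.0
object network VLAN-A-NET
 subnet 10.10.10.0 255.255.255.0
nat (inside,outside) source static VLAN-A-NET VLAN-A-NET destination static VENDOR-A-POOL-NET VENDOR-A-POOL-NET
```

After a vendor connects, `show vpn-sessiondb detail remote` confirms which filter the session received, and `show access-list VENDOR-A-FILTER` shows hit counts on the permit and the logged deny line.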