I have a couple of questions in regards to remote access VPN and logging VPN traffic. Can someone please advise how I can capture decrypted traffic for remote access VPN clients on the firewall? Right now the firewall has an any-source, any-destination, any-service access list associated with the tunnel group (not an interface access list) but the default group policy one. I don't know what kind of traffic is coming from the remote VPN machine, and I want to capture it, create a more specific ACL and associate that with the tunnel group via vpn-filter so no any's are allowed.
I also have load balancing configured for VPN, and I know that if I add a vpn-filter via group policy and add it to the default group it can cause downtime, but since I have VPN load balancing configured it shouldn't affect remote clients. Am I right?
I don't think that you can capture based on the tunnel-group. You can configure your capture on the inside interface and restrict with capture ACLs what you want to see.
For VPN load balancing:
On an active/standby pair, it's not possible to load-balance traffic between the active and the standby unit. Load is only shared between the configured load-balancing members. But an active/standby pair can be used as a load-balancing member. But for that member, only the active unit processes traffic. The benefit of this setup is that the client doesn't need to reconnect when the active unit fails. In normal VPN load balancing, all VPN sessions drop when the particular member fails.
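As an added illustration (not configuration posted by either participant), here is an ASA-style walkthrough of the approach in the answer: a capture on the inside interface restricted with a capture ACL to the VPN client pool, then a specific vpn-filter ACL applied through a group policy attached to the tunnel group. The client pool 10.10.10.0/24, the inside hosts 192.168.1.10 and 192.168.1.53, and the names CAP_VPN_ACL, VPNCAP, VPN_FILTER_ACL, RA_GROUP_POLICY and RA_TUNNEL_GROUP are all assumed values.

```cisco
! Assumed example values (not from the thread):
!   VPN client address pool 10.10.10.0/24, inside servers in 192.168.1.0/24
!
! 1. Capture the decrypted client traffic as it leaves the tunnel toward the
!    inside network. The capture ACL limits the buffer to flows involving the
!    client pool so the capture is not flooded with unrelated inside traffic.
access-list CAP_VPN_ACL extended permit ip 10.10.10.0 255.255.255.0 any
access-list CAP_VPN_ACL extended permit ip any 10.10.10.0 255.255.255.0
capture VPNCAP interface inside access-list CAP_VPN_ACL
! Inspect what the clients actually talk to, then remove the capture:
!   show capture VPNCAP
!   no capture VPNCAP
!
! 2. Build a specific vpn-filter ACL from the observed flows. The vpn-filter
!    ACL is written with the VPN client as source and the inside resource as
!    destination; the ASA applies it to both directions of the tunnel.
!    (Check the port placement against the vpn-filter documentation for the
!    ASA release in use before relying on it.)
access-list VPN_FILTER_ACL extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 443
access-list VPN_FILTER_ACL extended permit udp 10.10.10.0 255.255.255.0 host 192.168.1.53 eq 53
!
! 3. Apply the filter in a dedicated group policy and make that policy the
!    default for the tunnel group, so the "any any" default group policy is
!    no longer used for these clients.
group-policy RA_GROUP_POLICY internal
group-policy RA_GROUP_POLICY attributes
 vpn-filter value VPN_FILTER_ACL
tunnel-group RA_TUNNEL_GROUP general-attributes
 default-group-policy RA_GROUP_POLICY
```

Changing the group policy that an existing tunnel group uses affects sessions on the unit where the change is applied, so on a load-balancing cluster the steps above would be done per member in turn; the capture itself is read-only and can be added and removed without touching the VPN configuration.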
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...