In my application the easy vpn clients (software and hardware) are connecting to ASA5540 (ver. 8.0.3) on outside interface and access corporate server resources on the inside interface. To authorize the access the ACS (ver. 4.2) downloadable ACL are used.
On the inside interface there is a management subnet. The PCs and management servers on the management subnet require access to the remote clients. The access from the management subnet to the remote clients is working only when full IP access from the clients to the management subnet is opened in the downloadable ACL. It looks like the ASA5540 is not functioning as a firewall.
I would like to have restricted access from remote clients to management servers and the full access from management subnet to remote clients.
The download of ACLs to the adaptive security appliance from an access control server (ACS) enables the configuration of per-user access lists on an AAA server, to provide per-user access list authorization, which are then downloadable through the ACS to the adaptive security appliance. This feature is supported for RADIUS servers only and is not supported for TACACS+ servers.