Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

no sysopt connection permit-vpn or VPN filter

Hi All,

I have a question to pros:

In terms of security and easier configuration which option is more preferrable:

using

"no sysopt connection permit-vpn" and apply inbound ACLs on outside interface

or using VPN filters?

I feel more secure when there is no sysopt connection permit-vpn statement in my ASA, so I can apply inbound ACLs on outside interface.

I am not planning to switch over to VPN filters, and  want to hear your opinion.

I have a bunch of L2L tunnels and don;t have any access VPN.

Thanks!

629
Views
0
Helpful
0
Replies
CreatePlease to create content