My question is if anyones knows if you can set the VPN-filter ACL value using these attributes? I can see their is one for IPv6-VPN-Filter (219) but that doesn’t work, and I did try Access-List-Inbound (86), and Access-List-Outbound (87) incase but they aren’t the ones.
So I am left wondering whether Cisco missed it out of the documentation by mistake or it isn’t possible. I cant see why it wouldn’t be possible if you can set all other types of VPN attributes.
Thanks for the update, unfortunaltely we cant use DACLs since using Windows RADIUS server.
I have already tried the  Filter-Id and it blocked all traffic. The VPN intiailized but it failed the Xauth authentication becasue it couldnt contact the RADIUS server. I tried making the filer ACL as a permit any and it was the same. I think I forgot to mention that we are using IPSEC VPN client not L2L tunnel. When I read into the  Filter-Id more it says it "This applies only to full tunnel IPsec and SSL VPN clients", which after testing read as meaning it wont work with IPsec VPN client, ontl a L2L tunnel.
The Cisco AV-Pairs attribute also seems to suggest the same thing. I will give it a go and see what happens. Have you used this to apply a vpn-filter ACL to a IPSEC VPN account and got it to work?
Full tunnel means it does not apply to clientless vpn, not Lan-to-Lan tunnel.
It should work with IPsec VPN Client. It is strange that it even blocks the Xauth because the attribute should be applied after authentication, not before, and to confirm, it does not allow it too even after you configure permit IP any. Strange...
I tried it using the AV-Pairs and it worked fine, so went back to trying to use the  Filter-Id. Miraculously that also works fine now. I am not sure why it wasnt working before, as I am using the same ACL, so I guess it must be somehting on the RADIUS server. I can see your point that it should only be applied after authentication, so shouldnt stop authentication. Anyway its working now, thanks for all your help.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :