If we are talking about ASAs and VPN Filter ACLs then have you considered the option where you change the global setting
NOTE: The below setting should not be changed unless you know its effects in your environment
sysopt connection permit-vpn
no sysopt connection permit-vpn
So that you can handle all access control in your external interface's ACL rather than with separate VPN Filter ACLs?
Naturally in an existing environment this might be a bit tricky to implement as BEFORE changing the above setting you would have to make sure that all the traffic required (or everything) from the VPN connections is allowed in the interface ACL.
Implementing this would eventually let you modify a single ACL (the external interface ACL) for all the rules that should apply to connections initiated from behind VPN Connections.
I know only the few basic ways to control the VPN users' traffic. They basically are:
Changing the global "sysopt" setting and controlling all user traffic on the external interface ACL
Use separate VPN Filter ACLs
If using subinterfaces for local interfaces then tie the VPN connection to a specific Vlan which would allow connectivity only towards that Vlan subinterface for those VPN users.
In some cases we might use a separate device to do the access control.
But I guess if the requirement is to have a specific ACL for each VPN user group then the original suggestion is not an option for you.
I was just thinking that using the same ACL would make it easier to generate the new configuration addition. At least in the sense that the ACL name for each rule would be the same. If you didn't make too broad ACL rules it would not really allow any connectivity between the different networks involved, though that would also depend on the NAT configurations, not just the ACL.
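As an added example (not part of the original post), here is a pre-change check for the step described above: before entering `no sysopt connection permit-vpn`, test the flows your VPN users need against the outside interface ACL. The ACL name, addresses and flow list are constructed, and the parser handles only a small subset of `access-list ... extended` syntax (no object-groups, port ranges or NAT).

```python
import ipaddress

# Constructed sample of an outside-interface ACL (name and addresses are made up).
ACL = """\
access-list OUTSIDE-IN extended permit tcp 10.99.1.0 255.255.255.0 host 192.168.10.20 eq 443
access-list OUTSIDE-IN extended deny ip 10.99.2.0 255.255.255.0 any
access-list OUTSIDE-IN extended permit ip 10.99.0.0 255.255.0.0 192.168.20.0 255.255.255.0
"""
# Constructed list of flows the VPN users must keep: (proto, src, dst, dst port).
REQUIRED = [
    ("tcp", "10.99.1.5", "192.168.10.20", 443),
    ("tcp", "10.99.2.7", "192.168.20.5", 22),    # shadowed by the earlier deny
    ("udp", "10.99.1.5", "192.168.10.20", 53),   # no matching permit at all
    ("tcp", "10.99.3.9", "192.168.20.8", 3389),
]

def _addr(tok):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    t = tok.pop(0)
    if t in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{t}/{tok.pop(0)}")

def parse_acl(text):
    """Parse lines of the form: access-list NAME extended ACTION PROTO SRC DST [eq PORT]."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        action, proto, rest = tok[3], tok[4], tok[5:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if len(rest) == 2 and rest[0] == "eq" else None
        rules.append((action, proto, src, dst, port))
    return rules

def decide(rules, proto, src, dst, port):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst and r_port in (None, port):
            return action
    return "deny"

def blocked_flows(rules, flows):
    """Return the required flows the interface ACL would drop after the change."""
    return [f for f in flows if decide(rules, *f) != "permit"]
```

Any flow returned by `blocked_flows` needs a permit entry, placed above any broader deny, before the global setting is changed.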