Thursday 17 December 2015

Controlling VPN traffic with VPN Filters on Cisco ASA

Typically (or by default rather) VPN traffic is NOT controlled by normal access controls on the interfaces and rather are controlled by VPN filters.

They are fairly straight forward to apply - for example...

We firstly create an ACL:
access-list EU-VPN-FILTER permit ip
Then proceed by defing a group policy:
group-policy MYSITE internal
group-policy MYSITE attributes
  vpn filter value EU-VPN-FITER
And finally creating / amending the tunnel group so it uses the default policy we have created:
tunnel-group general-attributes
  default-group-policy MYSITE


Post a Comment