10-09-2019 09:05 PM - edited 10-09-2019 09:07 PM
I want to limit/filter/drop traffic that will be initiated from the inside of my network (behind the firewall) heading to the Cisco VPN tunnel network/users. So basically I always want the Cisco VPN users to have access to the resources behind the firewall (Inside interface), not the inside to them; basically there would be a flow that's being initiated from the Cisco VPN client address space, not the opposite.
I assigned a range of 192.168.10.x/24 for Cisco VPN clients; they are accessing the subnet 172.16.1.x/24, which is behind the firewall. How can I drop connections that want to be initiated from 172.16.1.x/24? If I use an access list, it drops even flows that are started from outside inward on their way back.
Thank you so much.
Solved!
10-10-2019 04:23 AM - edited 10-10-2019 04:23 AM
You can use VPN filtering for this.
access-list AC-VPN-FILTER extended permit ip 172.16.1.0 255.255.255.0 192.168.10.0 255.255.255.0
group-policy AC-GrpPolicy internal
group-policy AC-GrpPolicy attributes
vpn-filter value AC-VPN-FILTER
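As an added illustration for the question's one-direction requirement (not part of the accepted answer), a filter limited to the TCP services the clients may open, using the question's two subnets; ports 22 and 443 are assumed. Cisco's vpn-filter documentation places the client-assigned pool in the source position for remote-access group policies and evaluates inside-to-client packets against the same entries with source and destination swapped, so a bare "permit ip" still admits inside-initiated flows, while naming a destination port restricts the match to flows the client opens.

```cisco
! Added example, not from this thread. Source = client pool, destination = inside
! network, as Cisco documents for remote-access vpn-filter ACLs. Ports are assumed.
access-list AC-VPN-FILTER extended permit tcp 192.168.10.0 255.255.255.0 172.16.1.0 255.255.255.0 eq 22
access-list AC-VPN-FILTER extended permit tcp 192.168.10.0 255.255.255.0 172.16.1.0 255.255.255.0 eq 443
! Anything not listed (inside-initiated TCP, UDP, ICMP) hits the implicit deny;
! add explicit entries for any other service the clients need, e.g. DNS.
group-policy AC-GrpPolicy attributes
 vpn-filter value AC-VPN-FILTER
```

Keep this ACL separate from interface ACLs: Cisco documents that an ACL used as a vpn-filter should not also be bound with access-group.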