Beginner

Route Based L2L VPN tunnel between Cisco ASA and Azure Cloud

Hello Guys

I am trying to build a Route Based L2L VPN tunnel between my Cisco ASA running 9.8 code and Azure Cloud.

I have a basic idea of the configuration of the Route Based VPN tunnel, but I would like to know whether it is possible to configure ACLs in this Route Based VPN tunnel to restrict the traffic that traverses the tunnel. If so, how do I configure it?

Any help would be much appreciated.

Thanks

Ravi

RJI Advisor
Advisor

Re: Route Based L2L VPN tunnel between Cisco ASA and Azure Cloud

Hi,

You could implement a VPN Filter to restrict traffic over this VPN. Example here.

HTH

Beginner

Re: Route Based L2L VPN tunnel between Cisco ASA and Azure Cloud

So the regular VPN filter that we use to configure more controlled ACLs in a Policy Based VPN tunnel works for a Route Based VPN tunnel too?

RJI Advisor
Advisor

Re: Route Based L2L VPN tunnel between Cisco ASA and Azure Cloud

Yes, route-based VPNs still use a group-policy, which is where you need to define the use of a VPN Filter.


VIP Mentor

Re: Route Based L2L VPN tunnel between Cisco ASA and Azure Cloud

You can put a regular ACL on the tunnel-interface. That is very often easier to handle than a vpn-filter.

Beginner

Re: Route Based L2L VPN tunnel between Cisco ASA and Azure Cloud

I am using a VTI on the Cisco end for this route based VPN. Would I still be able to apply an outbound ACL to the VTI?

VIP Mentor

Re: Route Based L2L VPN tunnel between Cisco ASA and Azure Cloud

VTI is the implementation of route-based VPNs on Cisco ASA/IOS.

I never used outbound ACLs on tunnel interfaces, only inbound. But I assume it should work.
