Hi All,
I want to limit access to cisco asa ipsec interface from internet? How this works? using control-plane access list?
Is this correct way to do this:
access-list vpn_control extended permit esp object-group vpn-peer-ips interface GE7
access-list vpn_control extended permit ah object-group vpn-peer-ips interface GE7
and
access-group vpn_control in interface GE7 control-plane
Just want to remove ipsec interface from other ips that are not in vpn-peer-ips group
br,
Eero