10-04-2024 06:12 AM - edited 10-04-2024 06:22 AM
Hi,
I have manually migrated the RAVPN configuration from an ASA to FMC/FTD.
Believe I have all of the configuration set up correctly; my main concern is around the ACLs which permit RAVPN user access throughout the network. The RAVPN users use a pool of 192.168.208.0/24. I wanted to know if these ACLs are migrated over by the FMT even though I did not select the RAVPN option during the FMT migration and parsing.
If not, what is the best way to identify all RAVPN ACLs that may be missing from the FTD configuration, and where can this be found on the ASA for comparison?
Update: I have identified several policies detailing 192.168.208.0/24 on the inside interface so it looks like the RAVPN rules have been migrated even though the RAVPN option was not selected during migration. Is there anything else that needs to be added if these rules are already there?
Thanks!
10-04-2024 06:54 AM
I will compare the remote access profiles' required ACLs, and if it is not a long list of ACLs I will create them manually and test it.
Some ACLs will be moved as part of the ACL move when they are part of normal ACLs.
10-04-2024 08:21 AM
@NetworkMonkey101 are you referring to the Access Control Policy? As on FTD by default you need to explicitly permit VPN traffic in the Access Control Policy.
You should also check to ensure you have the relevant NAT exemption rules (if applicable), to ensure traffic is not unintentionally translated.
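Added example, not code from the thread or from Cisco: a small script that answers the "where do I find this on the ASA for comparison" question by scanning a saved ASA running-config for everything that touches the RA VPN pool. It pulls out the `ip local pool`, the network objects and object-groups that cover the pool, every interface ACL entry that references the pool (by literal subnet, `host`, or object name), every ACE of any ACL bound with `vpn-filter` (those apply per user and may not mention the pool address at all, so they are easy to miss), the twice NAT lines that reference the pool (the NAT exemptions mentioned above), and whether `no sysopt connection permit-vpn` is present. That last point matters for the Access Control Policy question: the ASA default is `sysopt connection permit-vpn`, which lets decrypted VPN traffic bypass interface ACLs, whereas FTD does not bypass the Access Control Policy unless the equivalent bypass option is enabled in the RA VPN policy, so rules that the ASA never enforced still need explicit ACP rules on FTD. The config below is constructed for the example; the object and ACL names in it are assumptions, and the pool is the one from the original post.

```python
import ipaddress
import re

# Constructed sample ASA running-config for this example (not from the original thread).
# Object, ACL and group-policy names are assumptions; the pool is the one from the post.
SAMPLE_ASA_CONFIG = """\
ip local pool RAVPN_POOL 192.168.208.1-192.168.208.254 mask 255.255.255.0
object network VPN_POOL
 subnet 192.168.208.0 255.255.255.0
object network INSIDE_NET
 subnet 10.10.0.0 255.255.0.0
object-group network RAVPN_SOURCES
 network-object object VPN_POOL
access-list inside_access_in extended permit ip 10.10.0.0 255.255.0.0 any
access-list outside_access_in extended permit tcp 192.168.208.0 255.255.255.0 host 10.10.5.20 eq 443
access-list outside_access_in extended permit ip object VPN_POOL object INSIDE_NET
access-list VPN_FILTER extended permit tcp object-group RAVPN_SOURCES host 10.10.5.21 eq 3389
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup
group-policy RAVPN_GP internal
group-policy RAVPN_GP attributes
 vpn-filter value VPN_FILTER
access-group outside_access_in in interface outside
"""

NETMASK_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")


def parse_network_objects(cfg):
    """Map each 'object network' / 'object-group network' name to the prefixes it contains."""
    objects, current = {}, None
    for line in cfg.splitlines():
        if line.startswith(("object network ", "object-group network ")):
            current = line.split()[-1]
            objects.setdefault(current, [])
        elif line.startswith(" ") and current:
            t = line.split()
            if t[0] == "subnet":
                objects[current].append(ipaddress.ip_network(f"{t[1]}/{t[2]}"))
            elif t[0] == "host":
                objects[current].append(ipaddress.ip_network(t[1]))
            elif t[:2] == ["network-object", "object"]:      # nested object reference
                objects[current].extend(objects.get(t[2], []))
            elif t[:2] == ["network-object", "host"]:
                objects[current].append(ipaddress.ip_network(t[2]))
            elif t[0] == "network-object":
                objects[current].append(ipaddress.ip_network(f"{t[1]}/{t[2]}"))
        else:
            current = None
    return objects


def overlapping_literal(line, pool):
    """True if an 'a.b.c.d m.m.m.m' pair or a 'host a.b.c.d' literal in the line overlaps the pool."""
    for addr, mask in NETMASK_RE.findall(line):
        try:
            if ipaddress.ip_network(f"{addr}/{mask}", strict=False).overlaps(pool):
                return True
        except ValueError:
            pass  # two adjacent addresses that are not an address/mask pair
    return any(ipaddress.ip_address(h) in pool for h in re.findall(r"host (\d+\.\d+\.\d+\.\d+)", line))


def find_ravpn_references(cfg, pool_cidr):
    """Group every config line that touches the RA VPN pool by what it does."""
    pool = ipaddress.ip_network(pool_cidr)
    objects = parse_network_objects(cfg)
    names = {n for n, nets in objects.items() if any(net.overlaps(pool) for net in nets)}
    filters = set(re.findall(r"^\s*vpn-filter value (\S+)", cfg, re.M))

    def mentions_pool(line):
        # Object names appear as bare tokens in both ACL ('object X') and twice-NAT lines.
        return overlapping_literal(line, pool) or any(tok in names for tok in line.split())

    found = {"pool_lines": [], "objects": sorted(names), "interface_acl": [],
             "vpn_filter_acl": [], "nat": [],
             # ASA default is 'sysopt connection permit-vpn'; only the negated form shows in the config.
             "sysopt_permit_vpn": "no sysopt connection permit-vpn" not in cfg}
    for line in cfg.splitlines():
        s = line.strip()
        if s.startswith("ip local pool"):
            m = re.search(r"(\d+\.\d+\.\d+\.\d+)-", s)
            if m and ipaddress.ip_address(m.group(1)) in pool:
                found["pool_lines"].append(s)
        elif s.startswith("access-list"):
            if s.split()[1] in filters:
                found["vpn_filter_acl"].append(s)   # per-user filter, kept whether or not it names the pool
            elif mentions_pool(s):
                found["interface_acl"].append(s)
        elif s.startswith("nat ") and mentions_pool(s):
            found["nat"].append(s)
    return found


if __name__ == "__main__":
    for key, value in find_ravpn_references(SAMPLE_ASA_CONFIG, "192.168.208.0/24").items():
        print(f"{key}: {value}")
```

Run it against `show running-config` output saved from the ASA and compare each group with the FTD side: interface ACL entries against the Access Control Policy, `vpn_filter_acl` entries against the FTD group policy filter ACL, and `nat` entries against the FMC NAT policy. If `sysopt_permit_vpn` comes back `True`, the ASA was not applying interface ACLs to VPN users at all, so the ACP needs permit rules for the pool even where the ASA config shows none.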