
FMC Object Management / ACL

GRANT3779
Spotlight

Within the FMC where exactly do the ACLs under Object Management fit in with deploying configs to registered devices?

 

For FTD devices I was under the impression that Prefilter and ACP rules took over the role of the traditional ACL on an ASA?

 

Are the ACLs under Object Management meant for the devices running traditional ASA with FirePOWER services? If so, how exactly are they applied to the ASA Interfaces via FMC?


5 Replies

yogdhanu
Cisco Employee

Hi

 

Where do you see the ACL in object management?

FMC deploys the policy the same way on FTD as it does on Firepower (from a top-level overview).

It's all about the access control policy, with objects created that can be used in multiple policies.

There is no ACL in object management as far as I see. Can you give a screenshot of what you mean?

 

Thanks,

Yogesh

Hi Yogesh,

 

See attached.

 

Rahul Govindan
VIP Alumni

Split-tunneling and VPN Filters for AnyConnect are configured as ACLs on the Firepower, same as how they are on the ASA. This is where you would configure them. If you have configured them from the VPN section, they would show up here.

ACL objects are used for Route-maps as well. 
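As an added illustration (not part of Rahul's post or Cisco's documentation), this is what the LINA running-config deployed to an FTD looks like once a standard ACL object and an extended ACL object from Object Management are bound to a group policy as the split-tunnel list and the VPN filter. All object names, pool and subnet addresses below are constructed for the example.

```text
! Constructed example of FMC-deployed FTD config (ASA-style LINA syntax).
! Names and addresses are assumptions, not taken from the thread.
!
! Standard ACL object: destinations that are sent through the tunnel
! (split-tunnel-network-list only cares about destination networks).
access-list SPLIT_CORP standard permit 10.0.0.0 255.255.0.0
!
! Extended ACL object used as a VPN filter. Write every ACE with the
! client pool (10.10.10.0/24) as the SOURCE: the vpn-filter is evaluated
! against decrypted traffic in both directions with the remote client as
! source, so an ACE written from the inside network's perspective will
! never match. An explicit deny with log makes dropped flows visible.
access-list CONTRACTOR_FILTER extended permit tcp 10.10.10.0 255.255.255.0 10.0.5.0 255.255.255.0 eq 443
access-list CONTRACTOR_FILTER extended permit udp 10.10.10.0 255.255.255.0 host 10.0.1.53 eq 53
access-list CONTRACTOR_FILTER extended deny ip any any log
!
ip local pool CONTRACTOR_POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
!
! The two ACL objects are referenced from the group policy; this is where
! the Object Management ACLs end up after deployment.
group-policy GP_CONTRACTOR internal
group-policy GP_CONTRACTOR attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_CORP
 vpn-filter value CONTRACTOR_FILTER
!
tunnel-group CONTRACTOR_RA type remote-access
tunnel-group CONTRACTOR_RA general-attributes
 address-pool CONTRACTOR_POOL
 default-group-policy GP_CONTRACTOR
```

On a managed FTD these lines are generated by FMC on deploy and can be checked with `show running-config` on the device; a separate group policy per address pool is how different contractor or department groups get their own filter.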

Hey Rahul, 

 

Is using the standard and extended ACLs really the only way to control AnyConnect clients? I am using a couple of 2110s for VPN clients only, as a recent SD-WAN implementation has freed them up and I would rather use these than older ASA 5520s. I have one each at 2 sites and am managing them with the FMC. The outside interface has a static external IP and the inside is attached to the core on a separate VLAN for the device. I am using separate address pools on the FTD boxes for different groups of contractors, employees from different departments, etc. Is there any way to apply all the features of ACP and prefilter to the VPN clients?
