Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1075
Views
5
Helpful
3
Replies

FTD w/Anyconnect - which zone is the (private addressed) VPN pool in?

lauren
Level 1
Level 1

‎01-26-2023 09:15 AM

Possibly a silly question, but I can't find the answer in the guides.

On FTD with an Anyconnect VPN set up for remote access over the Internet.  Anyconnect users get a private address assigned from a VPN pool as normal.

Now when creating a ruleset to allow/deny internal communications with a VPN user on their private address, which zone is the remote user in, inside or outside?

0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎01-26-2023 09:21 AM - edited ‎01-26-2023 09:25 AM

Zone to allow traffic ? as I Know the zone of VPN pool is OUTside 

lauren
Level 1
Level 1
In response to MHM Cisco World

‎01-26-2023 09:26 AM - edited ‎01-26-2023 09:26 AM

yes, as in wanting to permit/deny from the VPN pool access to/from the internet, servers, add IPS inside the VPN etc.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to lauren

‎01-26-2023 10:10 AM

There is a sysopt command that is often used to exempt VPN traffic from the Access Control Policy. In your remote access VPN setup this appears under the Access Interface tab.

Reference: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/730/management-center-device-config-73/vpn-remote-access.html#task_a4z_xsz_2fb

If that is not selected, the RA VPN traffic falls under the Outside zone for purposes of creating a rule to allow it in the ACP.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card