Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1107
Views
5
Helpful
1
Replies

vpn filter

Go to solution
suthomas1
Level 6
Level 6

‎03-25-2019 07:46 PM - edited ‎02-21-2020 08:58 AM

Hello,

When clients over anyconnect try to access services via ASA, do they use the vpnfilter first or is it the ACL on interfaces that apply first?

I am confused between vpnfilter & interface ACL ,  both are present in our case.

 

Appreciate all help.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎03-26-2019 02:54 AM

Hi,

If you have the command sysopt connection permit-vpn (which is enabled by default), then the interface ACLs will be ignored for VPN traffic - thus permitting all VPN traffic by default. If you have the VPN Filter configured, then this ACL will be restricting the traffic.

 

HTH

View solution in original post

1 Reply 1

Go to solution
Rob Ingram
VIP
VIP

‎03-26-2019 02:54 AM

Hi,

If you have the command sysopt connection permit-vpn (which is enabled by default), then the interface ACLs will be ignored for VPN traffic - thus permitting all VPN traffic by default. If you have the VPN Filter configured, then this ACL will be restricting the traffic.

 

HTH

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card