Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1455
Views
0
Helpful
0
Comments

The vpn-filter command does not restrict access on a PIX Firewall/ASA running software version 7.x when used with Cisco IOS 12.x EZVPN clients

TCC_2
Level 10
Level 10

on ‎06-22-2009 04:09 PM

Core issue

This issue is documented in Cisco bug ID CSCse96559.

This problem occurs when the vpn-filter command is applied to the group-policy for remote access IPSec clients on a PIX Firewall/Cisco Adaptive Security Appliance (ASA) running 7.2.1. This issue only affects Cisco IOS  EZVPN clients.

Resolution

As a workaround, perform these steps:

  1. Disable the sysopt connection permit-vpn command:

    hostname(config)# no sysopt connection permit-vpn

  2. Issue the access-group command in order to apply the Access Control List (ACL) to the outside interface:

    hostname(config) #access-group  <acl_out> in interface outside

    This allows the VPN users to go through the outside ACL before the internal network is accessed.
Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents