ACLs and L2TP connection question

Hello everyone.
I am trying to better understand how Cisco ASA VPN connections work.
I have an address pool for L2TP/IPsec VPN connections to use. The clients can connect to the VPN (on the Outside interface) and get an address from this pool, which is okay.
My questions are:

When a client connects, which ACLs are active for that connection?

Is the connected client considered to be part of the Outside interface?

Should I use General ACLs? (because it seems that interface ACLs don't have any effect)
ASA 5508, 9.9(3) if that makes any difference.

RJI (VIP Advocate)

Re: ACLs and L2TP connection question

Hi,

With the command sysopt connection permit-vpn, which is enabled by default, interface ACLs are ignored for traffic traversing the VPN tunnel, thereby permitting all traffic over the VPN tunnel.
You should look to implement VPN Filter, more information here and here.
HTH
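As an added example (not part of either post above), here is an ASA configuration that applies a vpn-filter to the group-policy used by the L2TP/IPsec clients, so that decrypted tunnel traffic is restricted even while sysopt connection permit-vpn remains enabled. The pool (192.0.2.0/24), the inside addresses (198.51.100.0/24) and the group-policy name L2TP-GP are assumptions for illustration.

```text
! Added example, not from the thread. Assumed values: L2TP pool 192.0.2.0/24,
! inside servers 198.51.100.0/24, group-policy name L2TP-GP.
!
! vpn-filter ACEs are written from the remote client's point of view:
! source = VPN client address, destination = inside resource. The ASA
! applies the same filter to both directions of each flow, and anything
! not explicitly permitted is dropped by the implicit deny at the end,
! so DNS and every other service the clients need must be listed.
access-list L2TP-VPN-FILTER extended permit udp 192.0.2.0 255.255.255.0 host 198.51.100.10 eq 53
access-list L2TP-VPN-FILTER extended permit tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq 443
access-list L2TP-VPN-FILTER extended permit tcp 192.0.2.0 255.255.255.0 host 198.51.100.20 eq 3389
! Explicit final deny with logging so blocked client traffic shows up in syslog.
access-list L2TP-VPN-FILTER extended deny ip any any log
!
! Attach the filter to the group-policy the L2TP/IPsec tunnel-group uses.
group-policy L2TP-GP attributes
 vpn-filter value L2TP-VPN-FILTER
!
! Verification after a client connects: the session detail shows the
! filter name in use, and the ACL hit counts confirm it is being evaluated.
show vpn-sessiondb detail ra-ikev1-ipsec
show access-list L2TP-VPN-FILTER
```

The alternative is `no sysopt connection permit-vpn`, after which the Outside interface ACL is applied to the decrypted VPN traffic as well; vpn-filter is usually preferred because it is scoped per group-policy (or per user) rather than to the whole interface.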