How I setup on ASA to allow only specific IPs ( peer IPs ) to connect ASA by remote access VPN( IPsec VPN client S/W).
Due to the remote access VPN, I had setup assigned IP to remote access VPN client during dialin.
I try to use the IPv4 Filter, but I was failed always.
As the Crypto is enabled on 'outside' interface, I don't think there is a way to restrict on ASA itself by ACL. But if you have router in front of ASA, you can use ACL to restrict the access.
It is doable on ASA.
You need to use crypto dynamic-map and set it to specific peer only, see example below for ikev2:
crypto dynamic-map DYNMAP 65005 set peer 220.127.116.11
crypto dynamic-map DYNMAP 65005 set ikev2 ipsec-proposal IKEv2-IPSEC-PROPOSAL
Yes, it is possible, just use the control-plane feature.
Do a research, in case of doubts please let me know.
Sent from Cisco Technical Support Android App
Yes. You can have the ACL created for inbound (outside to inside) where you can mention the specific IP's that needs to be applied to the box instead of only on the interface.
access-group outside_in interface outside control-plane
Try this and check.
Please do rate if the given information helps.
In case you do not have any further questions, please rate any helpful posts and mark this question as answered.
There is no answer to that question. Only control-plane mention without examples which still doesn't work for me. Please provide working examples on how to allow ONLY certain IPs to access IPsec. Basic cheap firewalls provide that feature out of the box, but not ASA.