cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
191
Views
0
Helpful
1
Replies
Highlighted
Enthusiast

FMC Site-to-Site VPN with ACL Filter

I have configured remote access VPNs for AnyConnect using the FMC.  It was easy to apply an extended ACL as a VPN filter as the option is simply a drop-down.  So how do I accomplish the same thing with a site-to-site VPN tunnel?  Do I simply add the same rules to the access-list on the outside interface?  What happens with 'sysopt permit-vpn' where VPNs bypass the ACL.  How do I still implement a VPN filter?  From the VPN setup wizard under 'Advanced > Tunnel'

 

 Screenshot.PNG

 

Sooooooo, where do I apply the VPN filter ACL?  Keep in mind this is a site-to-site VPN, and it's between a Firepower 2100 and an unknown third party device, meaning I don't know if it's Cisco, Palo Alto, Checkpoint, Juniper, etc.

 

1 REPLY
Beginner

Re: FMC Site-to-Site VPN with ACL Filter

Hello,

 Have you found a better alternative than just adding ACEs to the interface facing the other end?

 I couldn't fine anything so far that supports this rather-basic feature. Just mentions here and there but no actual configurations steps nor workarounds. Seems misleading. Sad.

 

Thanks!

Guido

CreatePlease to create content
Ask the Expert- DMVPN on Cisco routers