FMC Site-to-Site VPN with ACL Filter

Scott Pickles
Level 4

I have configured remote access VPNs for AnyConnect using the FMC. It was easy to apply an extended ACL as a VPN filter, as the option is simply a drop-down. So how do I accomplish the same thing with a site-to-site VPN tunnel? Do I simply add the same rules to the access-list on the outside interface? What happens with 'sysopt permit-vpn', where VPNs bypass the ACL? How do I still implement a VPN filter? From the VPN setup wizard under 'Advanced > Tunnel':

[Attached image: Screenshot.PNG]

Sooooooo, where do I apply the VPN filter ACL?  Keep in mind this is a site-to-site VPN, and it's between a Firepower 2100 and an unknown third party device, meaning I don't know if it's Cisco, Palo Alto, Checkpoint, Juniper, etc.

 

1 Reply

ggalteroo
Level 1

Hello,

Have you found a better alternative than just adding ACEs to the interface facing the other end?

I couldn't find anything so far that supports this rather basic feature. Just mentions here and there, but no actual configuration steps nor workarounds. Seems misleading. Sad.

 

Thanks!

Guido
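As an added example, not part of this thread and not an FMC procedure: this is how a site-to-site VPN filter is expressed in ASA CLI syntax, which is the model the original question's 'sysopt permit-vpn' refers to. The ACL name, group-policy name, peer address and subnets are assumptions chosen for illustration; nothing here is taken from the poster's environment or shown as an FMC configuration step.

```text
! Added example in ASA CLI syntax. Names, subnets and the peer address are
! assumed for illustration; they are not from the thread.
!
! A vpn-filter ACL is written from the REMOTE side's point of view:
! source = the peer's network, destination = the local network. The ASA
! applies the same entries to both directions of the tunnel, swapping
! source and destination (addresses and ports) for outbound packets.
access-list S2S-VPN-FILTER extended permit tcp 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0 eq 443
access-list S2S-VPN-FILTER extended permit icmp 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list S2S-VPN-FILTER extended deny ip any any

! Attach the filter to a group policy ...
group-policy S2S-PARTNER-GP internal
group-policy S2S-PARTNER-GP attributes
 vpn-filter value S2S-VPN-FILTER

! ... and bind that group policy to the site-to-site tunnel group, which
! is keyed by the peer's IP address (203.0.113.2 is an assumed address).
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 general-attributes
 default-group-policy S2S-PARTNER-GP

! With the default 'sysopt connection permit-vpn' in effect, decrypted
! traffic bypasses the interface ACL, so the vpn-filter above is the only
! place it is filtered. Turning the bypass off makes decrypted traffic
! subject to the inbound interface ACL as well:
! no sysopt connection permit-vpn
```

Two checks worth running after applying something like this: confirm the filter is actually bound to the tunnel (`show vpn-sessiondb l2l` lists the active group policy and filter per peer), and test a connection that the ACL should block from each side, since a filter written with the local network as the source will silently permit nothing in the direction you expected.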