Site to Site VPN and ACL on ASA

Diagram & queries attached


Re: Site to Site VPN and ACL on ASA

Hi,

When you configure IPsec on ASA, all traffic that flows through the tunnel is permitted by default because of the command "sysopt connection permit-vpn".

You can check that the command exists with "sh run all sysopt".

A way to filter traffic is to remove the command and filter with an ACL applied to the outside interface.

The best way though is to create vpn-filters to permit only the desired traffic.

Please check this link:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/vpngrp.html

Federico.
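
Added example, not part of the original reply: a vpn-filter configuration for a site-to-site tunnel of the kind the reply recommends, leaving "sysopt connection permit-vpn" in place. All addresses, the peer IP and the names VPN-FILTER and S2S-POLICY are constructed assumptions.

```cisco
! Constructed lab values: local LAN 10.1.1.0/24, remote LAN 10.2.2.0/24,
! remote peer 203.0.113.2. VPN-FILTER and S2S-POLICY are hypothetical names.
!
! In a vpn-filter ACL the REMOTE network is always written as the source and
! the LOCAL network as the destination, whichever side opens the connection.
!
! Remote hosts may reach one local web server on HTTPS only:
access-list VPN-FILTER extended permit tcp 10.2.2.0 255.255.255.0 host 10.1.1.10 eq 443
!
! Local LAN may reach SSH on remote hosts. The remote side is still the
! "source", so the service port sits on the source side of the entry:
access-list VPN-FILTER extended permit tcp 10.2.2.0 255.255.255.0 eq 22 10.1.1.0 255.255.255.0
!
! Explicit deny so dropped tunnel traffic shows up in the ACL hit counts
! (an implicit deny would drop it anyway):
access-list VPN-FILTER extended deny ip any any
!
! Attach the filter to a group policy and bind that policy to the tunnel.
group-policy S2S-POLICY internal
group-policy S2S-POLICY attributes
 vpn-filter value VPN-FILTER
!
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 general-attributes
 default-group-policy S2S-POLICY
!
! Exec-mode checks: confirm the sysopt setting and watch filter hit counts.
show run all sysopt
show access-list VPN-FILTER
```

The filter applies in both directions, so the SSH entry also lets a remote host that uses source port 22 open connections to any port on the local LAN; keep such entries as narrow as possible. A new or changed filter takes effect only when the tunnel is re-established.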