10-07-2009 05:21 AM
hello,
I'm setting up an ASA 5550 as a VPN concentrator, so clients connect to my web server on the inside of the ASA. Everything seems to work properly (the client can access the server). The problem I have is that when I configure an ACL to authorize only port 80 (http/www) and deny all other traffic, I notice that the ACL doesn't work, I mean I still have full access to the server from the client.
This is the config I used:
access-list inside_access_out extended permit tcp 10.20.0.0 255.255.255.0 host 192.168.200.100 eq www
access-list inside_access_out extended deny ip any any
access-group inside_access_out out interface inside
I also tried the following, but saw the same problem:
access-list inside_access_in extended permit tcp host 192.168.200.100 eq www 10.20.0.0 255.255.255.0
access-list inside_access_in extended deny ip any any
access-group inside_access_in in interface inside
Could someone help me to resolve this issue?
Best regards,
Ismail
10-07-2009 08:20 AM
Where is the crypto map applied? Are you trying to filter inbound or outbound traffic?
By default, when the following command is enabled:
sysopt connection permit-vpn
VPN traffic will bypass any configured rules on the interface that the crypto map is applied to.
I would suggest using VPN filters.
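The VPN-filter approach from the answer above, written out as an added example configuration (not part of the original thread or of the poster's ASA). It reuses the addresses from the question (client pool 10.20.0.0/24, web server 192.168.200.100); the group-policy name WEB-ONLY-GP and tunnel-group name RA-VPN are hypothetical, and the tunnel-group is assumed to already exist.

```cisco
! Added example, not configuration from the thread.
! Assumes: VPN client pool 10.20.0.0/24, web server 192.168.200.100.
! WEB-ONLY-GP and RA-VPN are hypothetical names.

! A vpn-filter ACL is written from the remote client's point of view:
! source = VPN client address, destination = local resource.
! The ASA applies it statefully to the tunnel in both directions,
! so no mirrored entry for the server's return traffic is needed.
! A single host must be written with the host keyword.
access-list VPN-FILTER-WEB extended permit tcp 10.20.0.0 255.255.255.0 host 192.168.200.100 eq www
access-list VPN-FILTER-WEB extended deny ip any any

! Attach the filter to the group policy the remote-access clients inherit.
group-policy WEB-ONLY-GP internal
group-policy WEB-ONLY-GP attributes
 vpn-filter value VPN-FILTER-WEB

tunnel-group RA-VPN general-attributes
 default-group-policy WEB-ONLY-GP

! Keep this ACL separate from any interface access-group: it filters
! decrypted tunnel traffic, not traffic arriving on an interface,
! so it is not affected by sysopt connection permit-vpn.

! Alternative: make the interface ACLs apply to VPN traffic instead of
! being bypassed. This affects every tunnel terminating on the ASA, so the
! interface ACLs must then explicitly permit all wanted VPN traffic.
! no sysopt connection permit-vpn

! Verification:
! show run group-policy WEB-ONLY-GP
! show access-list VPN-FILTER-WEB   (hit counts increase as client traffic matches)
```

Once applied, a browser session from a client in 10.20.0.0/24 to 192.168.200.100:80 matches the permit line and its hit count increments, while a connection to any other port on the server hits the deny line and is dropped, which is the behaviour the interface ACLs in the question could not provide while the permit-vpn bypass was in effect.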
10-07-2009 01:49 PM
Thanks,
your post was extremely helpful to me.