ACLs and L2TP connection question

Leiocalyx
Level 1

Hello everyone.

I am trying to better understand how Cisco ASA VPN connections work.

I have an address pool for L2TP/IPsec VPN connections to use. The clients can connect to the VPN (on the Outside interface) and get an address from this pool, which is okay.

My questions are:

When a client connects, which ACLs are active for that connection?

Is the connected client considered to be part of the Outside interface?

Should I use General ACLs? (because it seems that interface ACLs don't have any effect)

ASA 5508, 9.9(3) if that makes any difference.

1 Reply

Hi,

With the command sysopt connection permit-vpn, which is enabled by default, interface ACLs will be ignored for traffic traversing the VPN tunnel, therefore permitting all traffic over the VPN tunnel.

You should look to implement VPN Filter, more information here and here.

HTH
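As an added example (not from the original thread or from Cisco), this is what a VPN filter for the L2TP/IPsec clients described above could look like on the ASA. The client pool 10.10.10.0/24, the inside hosts 192.168.1.10 and 192.168.1.53, and the names L2TP_POOL, L2TP_GP, L2TP_VPN_FILTER and DefaultRAGroup are assumed placeholders, not values from the question.

```text
! Assumed addresses: L2TP client pool 10.10.10.0/24, inside LAN 192.168.1.0/24
! Assumed names: L2TP_POOL, L2TP_GP, L2TP_VPN_FILTER, DefaultRAGroup
ip local pool L2TP_POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0

! A vpn-filter ACL is written with the VPN client address as the SOURCE and the
! local network as the DESTINATION. The ASA applies it to traffic in both
! directions, so no separate entries for return traffic are needed.
access-list L2TP_VPN_FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 443
access-list L2TP_VPN_FILTER extended permit udp 10.10.10.0 255.255.255.0 host 192.168.1.53 eq domain
! Everything else from the clients is dropped; logging the deny confirms the
! filter is actually being hit when you test.
access-list L2TP_VPN_FILTER extended deny ip any any log

! Do not also bind this ACL to an interface with access-group; vpn-filter ACLs
! and interface ACLs are evaluated differently and should stay separate.
group-policy L2TP_GP internal
group-policy L2TP_GP attributes
 vpn-tunnel-protocol l2tp-ipsec
 address-pools value L2TP_POOL
 vpn-filter value L2TP_VPN_FILTER

tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP_POOL
 default-group-policy L2TP_GP

! With sysopt connection permit-vpn left at its default, the Outside interface
! ACL is still bypassed for decrypted VPN traffic; the vpn-filter above is what
! restricts the clients. The alternative is "no sysopt connection permit-vpn",
! after which the interface ACLs apply to the decrypted traffic instead.
```

Check the result with "show vpn-sessiondb detail ra-ikev1-ipsec" (filter name shown per session) and "show access-list L2TP_VPN_FILTER" to see hit counts on each entry.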