
cisco ASA VPN remote access

Hi Guys

 

I have a couple of questions regarding remote access VPN and logging VPN traffic. Can someone please advise how I can capture decrypted traffic for a remote access VPN client on the firewall? Right now the firewall has an any-source, any-destination, any-service access list associated with the tunnel group (not an interface access list, but the default group policy one). I don't know what kind of traffic is coming from the remote VPN machine, and I want to capture it, create a more specific ACL and associate that with the tunnel group via vpn-filter so no any's are allowed.

I also have load balancing configured for VPN, and I know that if I add a vpn-filter via the group policy and add it to the default group it can cause downtime, but since I have VPN load balancing configured it shouldn't affect remote clients. Am I right?

 

regards

F

4 Replies

Also, can someone explain: in active/standby only one unit is passing traffic, so how is VPN load balancing supported, since active/active doesn't support VPN, at least not in 8.4? Thanks

Hi 

 

Thanks for the reply, but I'm still confused about how to achieve VPN load balancing with the active/standby or active/active feature. Thanks

There is no load balancing with active/standby (standby really means "only standby"!). And there isn't even RA-VPN with active/active.

I don't think that you can capture based on the tunnel-group. You can configure your capture on the inside interface and restrict with capture ACLs what you want to see.

For VPN load balancing:

On an active/standby pair, it's not possible to load balance traffic between the active and the standby unit. Load is only shared between the configured load-balancing members. But an active/standby pair can be used as a load-balancing member. For that member, only the active unit processes traffic. The benefit of this setup is that the client doesn't need to reconnect when the active unit fails. In normal VPN load balancing, all VPN sessions drop when the particular member fails.
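The capture-on-inside-interface approach from the reply above, followed by the tighter vpn-filter the original poster is after, as an added ASA configuration example that is not from this thread. The VPN address pool (10.10.10.0/24), the internal host (192.168.1.10) and the TFTP server are placeholder values.

```cisco
! Added example, not from the thread. Assumptions: the VPN address pool is
! 10.10.10.0/24 and the only internal service the clients need is HTTPS on
! 192.168.1.10. Both are placeholders; substitute your own values.

! 1. Capture decrypted client traffic on the inside interface. The capture
!    ACL limits what is stored; both directions are listed explicitly.
access-list CAP_RAVPN extended permit ip 10.10.10.0 255.255.255.0 any
access-list CAP_RAVPN extended permit ip any 10.10.10.0 255.255.255.0
capture RAVPN interface inside access-list CAP_RAVPN buffer 1000000

! Review the flows on the box, or export the pcap for offline analysis,
! then remove the capture so it stops consuming memory.
show capture RAVPN
copy /pcap capture:RAVPN tftp://192.0.2.50/ravpn.pcap
no capture RAVPN

! 2. Replace the permit-any vpn-filter with a specific one. A vpn-filter ACL
!    is written with the VPN client as the source and the internal host as
!    the destination; the ASA also evaluates the return traffic against it.
!    Because "sysopt connection permit-vpn" (the default) lets VPN traffic
!    bypass the interface ACL, the vpn-filter is what actually restricts
!    these clients. The explicit deny with "log" shows what the capture
!    missed, so the ACL can be refined further.
access-list RAVPN_FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 443
access-list RAVPN_FILTER extended deny ip any any log
group-policy DfltGrpPolicy attributes
 vpn-filter value RAVPN_FILTER
```

Apply the filter to a test group policy first, then move it to DfltGrpPolicy once the capture and the deny-log hits confirm nothing required is being blocked.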