Re: Do I need to creat an ACL to allow VPN traffic coming in on
FOr sure you have to do something :
1) Use the command Collin brought - sysopt , this basically bypasses any ACL check of decrypted traffic on WAN interface; THat is anything coming via VPN tunnel is allowed. Just one command and everything magically works;
2) Account for the decrypted traffic in existing ACL on the outside interface. In this case yes , you would see interesting traffic from remote LAN on external interface;
3) recommended by cisco way - use sysopt to exempt decrypted traffic from interface-level ACL check but use vpn filter command under group policy for specific VPN tunnel to apply ACL ONLY to decrypted traffic. Works just fine , only a bit tricky to understand what should be source and destination in the ACL (logic reversed);
Cisco Champion Radio · S7|E26 Simplify your Security with the new SecureX platform
Securing your organization is becoming increasingly complex. It may seem faster to tack on new point products to address the latest attack or protect yet another threat v...
Join us live on Tuesday, July 14 (and on demand after) to learn what impacts COVID-19 has had on the information security landscape from one of the people living that fight.
We'll take your questions live during the show and after, so post them belo...
TETRA Error Codes - Windows
Here are some common TETRA Error codes that you may find displayed in the dashboard as well as within the C:\Program Files\Cisco\AMP\<your_version>\sfc.exe.log or corresponding sfc.exe_<date>_<time>.logs. The...
Please note that the minimum cryptography settings in AnyConnect 4.9 have been increased. Please ensure that your head-end is properly configured for the more stringent cryptography settings (if applicable) or users will be unable to connect after updatin...