Firepower Threat Defense VPN

mwuk11 (Level 1)

I have a site-to-site VPN that terminates on a Firepower 2100 firewall. The host IP is specified in the VPN configuration, but a scan from outside our firewall will now show udp port 500. Is there a way to filter this, so that only the remote VPN endpoint can see udp 500?


Thanks for any suggestions

1 Reply

Marvin Rhoads (Hall of Fame)

I don't believe that can be done with FTD.


On FTD, your standard Access Control Policies and Prefilter policies all affect traffic THROUGH the device - not traffic TO the device.


On ASA we had the option of adding "control-plane" keyword to an ACL entry but that option is not available on FTD.
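As an added illustration of the ASA-side mechanism the reply refers to (this is an example written for this page, not configuration from the original thread or from Cisco), the fragment below restricts to-the-box IKE on an ASA outside interface so that only the remote VPN peer can reach UDP 500 (and NAT-T on UDP 4500). The peer address 203.0.113.10, the ACL name outside_cp and the interface name outside are assumptions for the example. On ASA the keyword goes on the access-group command that binds the ACL to the interface, and a control-plane ACL is evaluated only against traffic whose destination is the firewall itself, so it does not touch through-the-box rules.

```cisco
! Constructed example: filter to-the-box IKE on an ASA (assumed names and addresses).
! 203.0.113.10 = assumed remote VPN peer, outside_cp = assumed ACL name.
! Entries are evaluated top-down, first match wins.
access-list outside_cp extended permit udp host 203.0.113.10 any eq 500
access-list outside_cp extended permit udp host 203.0.113.10 any eq 4500
access-list outside_cp extended deny udp any any eq 500
access-list outside_cp extended deny udp any any eq 4500
! Keep all other to-the-box traffic (management, other services) as it was;
! without this line the ACL's implicit deny would block it.
access-list outside_cp extended permit ip any any
!
! The control-plane keyword makes this ACL apply to traffic addressed TO the
! outside interface rather than traffic passing THROUGH the firewall.
access-group outside_cp in interface outside control-plane
```

After applying it, `show access-list outside_cp` shows per-entry hit counts, so a UDP 500 probe from a non-peer address should increment the deny entry and the external scan should report the port as filtered instead of open, while the peer's IKE negotiation continues to match the first permit. Keep the trailing `permit ip any any` in mind when tightening the ACL further: a control-plane ACL with only deny entries can cut off management access to the interface.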