I believe if we enable the sysopt for ipsec traffics on the FW then it wont looks for interface ACL and acl will be applied by using of vpn filter on group policy profile.
My problem is like.. the user is connected on vpn from outside and trying to download the file from inside host using scp port..
checked the syslog server and found that few abnormal deny statements, denied by inside_inbound acl, after that checked with user, he also stated the same while doing scp from the vpn IP 10.0.0.38 to destination ip 10.0.1.157 connection got freeze and customer need to reconnect to established the session. While investigating the configuration adm profile which use admin access acl permitted between these two hosts, i.e. 10.0.1.157 and 10.0.0.38 , am wondering this flow got denied by inside_inbound acl
group-policy adm-group-policy internal
group-policy adm-group-policy attributes
vpn-filter value adm-access
access-list adm-access remark Allowed Access
access-list adm-access extended permit ip 10.0.0.0 255.255.255.192 10.0.0.0 255.255.252.0
access-list adm-access extended deny ip any any log
ip local pool vpnpool 10.0.0.6-10.0.0.63 mask 255.255.252.0
ip address 184.108.40.206 255.255.255.0
ip address 10.0.0.1 255.255.252.0
access-list outside_inbound extended deny ip any any log
access-list inside_inbound extended deny ip any any log
access-group outside_inbound in interface outside
access-group inside_inbound in interface inside
Can anyone provide the resolution for this issue which be appreciate.