I believe that if we enable the sysopt for IPsec traffic on the FW, then it won't look at the interface ACL, and the ACL will be applied using the vpn-filter on the group-policy profile.
My problem is this: the user is connected to the VPN from outside and is trying to download a file from an inside host using the SCP port.
Problem description
------------------------
I checked the syslog server and found a few abnormal deny statements, denied by the inside_inbound ACL. After that I checked with the user, who stated the same: while doing SCP from the VPN IP 10.0.0.38 to destination IP 10.0.1.157, the connection froze and the customer needed to reconnect to re-establish the session. While investigating the configuration, the adm profile, which uses the admin access ACL, permits traffic between these two hosts, i.e. 10.0.1.157 and 10.0.0.38, so I am wondering why this flow got denied by the inside_inbound ACL.
group-policy adm-group-policy internal
group-policy adm-group-policy attributes
 vpn-idle-timeout 15
 vpn-filter value adm-access
 vpn-tunnel-protocol IPSec
 password-storage disable
access-list adm-access remark Allowed Access
access-list adm-access extended permit ip 10.0.0.0 255.255.255.192 10.0.0.0 255.255.252.0
access-list adm-access extended deny ip any any log
ip local pool vpnpool 10.0.0.6-10.0.0.63 mask 255.255.252.0
Interface configs
----------------------
interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 19.24.40.15 255.255.255.0
!
interface Ethernet0/1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.252.0
access-list outside_inbound extended deny ip any any log
access-list inside_inbound extended deny ip any any log
access-group outside_inbound in interface outside
access-group inside_inbound in interface inside
Can anyone provide a resolution for this issue? It would be appreciated.
Thanks
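The evaluation order the question turns on (vpn-filter versus interface ACL, with and without sysopt connection permit-vpn), as an added Python model that is not part of the original post and is not ASA code. It parses the access-list, ip local pool and access-group lines quoted above and decides the first packet of a flow the way the ASA does: a packet that matches an existing connection is never re-checked against any ACL; decrypted traffic arriving through the tunnel is matched against the vpn-filter (which is written with the VPN client as the source and applied in both directions) and, only when sysopt connection permit-vpn is absent, also against the outside interface ACL; a new flow entering on inside toward the client is matched against the inside interface ACL regardless of sysopt. Assumptions: tunnel membership is decided by pool membership (a simplification of the ASA's crypto and route lookup), the ASA's implicit deny is modelled as a trailing deny, and the reason strings, function names and the 192.0.2.10 destination are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed ASA config excerpt, copied from the lines quoted in the post.
CONFIG = """\
access-list adm-access remark Allowed Access
access-list adm-access extended permit ip 10.0.0.0 255.255.255.192 10.0.0.0 255.255.252.0
access-list adm-access extended deny ip any any log
ip local pool vpnpool 10.0.0.6-10.0.0.63 mask 255.255.252.0
access-list outside_inbound extended deny ip any any log
access-list inside_inbound extended deny ip any any log
access-group outside_inbound in interface outside
access-group inside_inbound in interface inside
""".splitlines()


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    log: bool = False


def _take_addr(tokens):
    """Consume 'any' or 'NETWORK MASK' from the front of an ACE token list."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def load_config(lines):
    """Collect extended ACLs, the local pool range, and interface->ACL bindings."""
    acls, groups, pool = {}, {}, None
    for line in lines:
        t = line.split()
        if t[:1] == ["access-list"] and "extended" in t:
            src, rest = _take_addr(t[5:])      # t[4] is the protocol keyword ("ip")
            dst, rest = _take_addr(rest)
            acls.setdefault(t[1], []).append(Ace(t[3], src, dst, "log" in rest))
        elif t[:3] == ["ip", "local", "pool"]:
            lo, hi = t[4].split("-")
            pool = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif t[:1] == ["access-group"]:
            groups[t[4]] = t[1]                # access-group NAME in interface IFACE
    return acls, pool, groups


def evaluate(acl, src, dst):
    """First-match evaluation with the ASA's implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if s in ace.src and d in ace.dst:
            return ace.action
    return "deny"


def decide(acls, pool, groups, src, dst, ingress, sysopt_permit_vpn, vpn_filter,
           existing_conn=False):
    """Return (verdict, reason) for the first packet of a flow, or a stateful hit."""
    if existing_conn:
        return "permit", "existing connection in the state table; no ACL consulted"
    in_pool = lambda ip: pool[0] <= ipaddress.ip_address(ip) <= pool[1]
    from_tunnel = ingress == "outside" and in_pool(src)   # decrypted client traffic
    to_tunnel = not from_tunnel and in_pool(dst)           # traffic headed to a client
    # The vpn-filter is written with the client as source and applied both ways,
    # so traffic toward the client is matched with src/dst swapped.
    if from_tunnel and vpn_filter and evaluate(acls[vpn_filter], src, dst) == "deny":
        return "deny", f"denied by vpn-filter {vpn_filter}"
    if to_tunnel and vpn_filter and evaluate(acls[vpn_filter], dst, src) == "deny":
        return "deny", f"denied by vpn-filter {vpn_filter} (client as source)"
    # sysopt connection permit-vpn bypasses the interface ACL only for traffic that
    # arrived through the tunnel; a new flow entering on inside is still checked.
    if from_tunnel and sysopt_permit_vpn:
        return "permit", "interface ACL bypassed by sysopt connection permit-vpn"
    iface_acl = groups[ingress]
    if evaluate(acls[iface_acl], src, dst) == "deny":
        return "deny", f"denied by {iface_acl} acl"
    return "permit", f"permitted by {iface_acl} acl"


def run_scenarios():
    """Exercise the flows discussed in the post against the quoted config."""
    acls, pool, groups = load_config(CONFIG)
    common = dict(acls=acls, pool=pool, groups=groups, vpn_filter="adm-access")
    client, server, other = "10.0.0.38", "10.0.1.157", "192.0.2.10"
    return {
        "client_to_inside_sysopt_on": decide(
            src=client, dst=server, ingress="outside", sysopt_permit_vpn=True, **common),
        "client_to_inside_sysopt_off": decide(
            src=client, dst=server, ingress="outside", sysopt_permit_vpn=False, **common),
        "client_to_unpermitted_dst": decide(
            src=client, dst=other, ingress="outside", sysopt_permit_vpn=True, **common),
        "inside_to_client_new_flow": decide(
            src=server, dst=client, ingress="inside", sysopt_permit_vpn=True, **common),
        "inside_to_client_existing_flow": decide(
            src=server, dst=client, ingress="inside", sysopt_permit_vpn=True,
            existing_conn=True, **common),
    }


if __name__ == "__main__":
    for name, (verdict, reason) in run_scenarios().items():
        print(f"{name:32s} {verdict:6s} {reason}")
```

Run it and the inside_to_client scenarios show the distinction the model exists to make: a packet from 10.0.1.157 to 10.0.0.38 that belongs to an existing connection is permitted by the state table, while the same packet as a new flow arriving on inside is judged by inside_inbound, not by the vpn-filter, whether or not sysopt connection permit-vpn is set.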