11-06-2023 11:41 AM
We have about 100 VPN tunnels on the FTD managed by FMC.
> All tunnels are policy based IPSec tunnels
> All tunnel "End Point" use standard ACL
> All tunnels have "sysopt permit-vpn" enabled
Now, we want the newer tunnels to have port-level restrictions in addition to IP. How can this be accomplished? I see "Access List (Extended)" under "Protected Networks:" but I am not sure if that is the best option. Please advise.
11-06-2023 11:51 AM
@Praveen Kumar you can apply a VPN filter to the newer tunnels to restrict the VPN traffic on a per-tunnel basis.
11-06-2023 01:16 PM
Thanks for the quick response. I forgot to mention that our FMC is on version 7.0.6.
11-06-2023 01:26 PM
@Praveen Kumar ok, I think VPN filters were added to the GUI in 7.1, so you could try deploying using flexconfig or upgrade to 7.2.
11-06-2023 02:31 PM
Thanks.