Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1008
Views
0
Helpful
3
Replies

Should I apply a single VPN Filter to multiple L2L VPNs, or should each VPN tunnel have their own VPN filter on an ASA?

Go to solution
jorkchristopher
Level 1
Level 1

‎05-18-2012 04:34 PM

I am currently trying to decide if when creating VPN filters, if I should just create a single one and apply it to the multiple VPN tunnels or if each VPN tunnel should have their own VPN filter. Creating a VPN filter for every VPN tunnel seems like added work but not sure if its the better choice. I have looked through documentation but they never mention applying VPN filters to multiple tunnels.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎05-19-2012 12:49 AM

Hello Jork,

If you add  one VPN filter for each tunnel group it will be more work but at the same thing you will have more control over the outside users attempting to connect to your network.

I would say that you will have different tunnel-groups ( each of them will have their own funcionallity ) so that is why its depending on what you are attempting to implement.

If the people that will use X tunnel-group are the same than the ones that will use Y tunnel-group then you can use the same one.

I hope I understood your question.

Regards.

Julio

Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎05-19-2012 12:49 AM

Hello Jork,

If you add  one VPN filter for each tunnel group it will be more work but at the same thing you will have more control over the outside users attempting to connect to your network.

I would say that you will have different tunnel-groups ( each of them will have their own funcionallity ) so that is why its depending on what you are attempting to implement.

If the people that will use X tunnel-group are the same than the ones that will use Y tunnel-group then you can use the same one.

I hope I understood your question.

Regards.

Julio

Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
jorkchristopher
Level 1
Level 1
In response to Julio Carvajal

‎05-21-2012 04:14 PM

Hi Julio,

I think I'm leaning towards creating a VPN filter for each IPsec L2L tunnel because I can name them to refer to what they are being used for. If I create a single VPN filter for all of the tunnels, it would be hard to keep track of of what every single ACE is for.

Thanks!

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to jorkchristopher

‎05-21-2012 04:30 PM

Hello Jork,

That is correct, in fact that would be the best suggestion I could have provided you.

Is there something else I can do for you, if not please mark the question as answered.

Have a wonderful day.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents