Hi,

I have a problem with a vpn-filter. I am using an ASA 5520. In the VPN ACL, the traffic to be encrypted, I have VPN acl:

access-list VPN line 1 extended permit ip 172.16.11.0 255.255.255.0 host 172.16.20.80
access-list VPN line 2 extended permit ip 172.16.11.0 255.255.255.0 host 172.16.20.82 
access-list VPN line 3 extended permit ip 172.16.11.0 255.255.255.0 host 172.16.20.84
access-list VPN line 4 extended permit ip 172.16.11.0 255.255.255.0 host 172.16.20.90
access-list VPN line 5 extended permit ip 172.16.11.0 255.255.255.0 host 172.16.20.78

This works very good. But now I want to restrict traffic and alllow only few tcp ports. I added next commands:

access-list Allow_TCP_Only extended permit tcp 172.16.11.0 255.255.255.0 host 172.16.20.78 eq http
access-list Allow_TCP_Only extended permit tcp 172.16.11.0 255.255.255.0 host 172.16.20.78 eq 3333
access-list Allow_TCP_Only extended permit tcp 172.16.11.0 255.255.255.0 host 172.16.20.78 eq 4444
access-list Allow_TCP_Only extended permit tcp 172.16.11.0 255.255.255.0 host 172.16.20.80 eq http
access-list Allow_TCP_Only extended permit tcp 172.16.11.0 255.255.255.0 host 172.16.20.80 eq 3333
access-list Allow_TCP_Only extended permit tcp 172.16.11.0 255.255.255.0 host 172.16.20.80 eq 4444

group-policy Filter_TCP internal
group-policy Filter_TCP attributes
vpn-filter value Allow_TCP_Only

tunnel-group 1.1.1.1 general-attributes
default-group-policy Filter_TCP

And now, the connection doesn't work.Tunnel is created but traffic is blocked?

Any help appreciated.

Thanks!