Re: ACL on my remote VPN clients

From: Jay McMickle <jay.mcmickle_at_yahoo.com>
Date: Tue, 8 May 2012 17:01:41 -0500

Agree in that you would apply this ACL to your IPv4 peers, and filter further by sending them a split-tunnel (not advised) /32 route.

Regards,
Jay McMickle- CCIE #35355
Sent from iJay

On May 8, 2012, at 10:10 AM, Joe Astorino <joeastorino1982_at_gmail.com> wrote:

> What type of VPN platform? If you are terminating VPN on the ASA, the
> outside ACL will not apply to the VPN traffic by default, as
> everything is allowed by default per "sysopt connection permit-vpn".
> If that is the case, you can filter at the ASA by adding a vpn-filter
> ACL tied to the group-policy.
>
> On Tue, May 8, 2012 at 10:43 AM, amin <amin_at_axizo.com> wrote:
>> Hi experts,
>>
>> How can I apply an access-list (access rule) to my VPN clients according to
>> their pool address? I made it and tried to apply it to the outside in, and to
>> the inside out, but in both cases it didn't take effect to restrict them to
>> certain applications and deny other applications to them.
>>
>> Is there any good way to apply such a technique that restricts the VPN
>> clients just to SQL and restricts other types of access?
>>
>> Regards,
>>
>> Amin
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> --
> Regards,
>
> Joe Astorino
> CCIE #24347
> http://astorinonetworks.com
>
> "He not busy being born is busy dying" - Dylan

Received on Tue May 08 2012 - 17:01:41 ART
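
The vpn-filter approach named in the thread, written out as an added ASA configuration example that is not part of the original messages. The pool subnet, SQL server address, TCP port 1433, and the ACL and group-policy names are constructed assumptions.

```cisco
! Constructed values (assumptions, not from the thread):
!   VPN client pool ...... 10.10.10.0/24
!   SQL server ........... 192.168.1.50, TCP/1433
!   group-policy name .... RA-VPN-GP
!   ACL name ............. VPN-SQL-ONLY
!
! Default behaviour named in the thread: with this command present,
! decrypted VPN traffic bypasses the interface ACLs, which is why an
! ACL on the outside or inside interface does not restrict the clients.
sysopt connection permit-vpn
!
! vpn-filter ACL. The remote (VPN client) side is always written in the
! source position and the protected inside host in the destination
! position. The filter is stateful, so no separate return-traffic entry
! is needed.
access-list VPN-SQL-ONLY extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.50 eq 1433
! Explicit deny with logging, so blocked attempts show up as hit counts
! and syslog messages instead of being dropped by the implicit deny.
access-list VPN-SQL-ONLY extended deny ip any any log
!
! Tie the filter to the group-policy the remote-access clients receive.
group-policy RA-VPN-GP attributes
 vpn-filter value VPN-SQL-ONLY
!
! Verification (exec mode): confirm the binding, then watch hit counts
! while a test client tries SQL and a non-SQL service.
show running-config group-policy RA-VPN-GP
show access-list VPN-SQL-ONLY
```

Keep this ACL dedicated to the vpn-filter rather than reusing it in an interface access-group. A client that is already connected picks up the filter on its next connection.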

This archive was generated by hypermail 2.2.0 : Sun Jun 17 2012 - 09:04:19 ART