Wednesday, December 13, 2017

Setting up MAC Filtering on ASA 5506-X bridged virtual interface

I am building a lab for my company's future ASA 5506-X [9.8(2)] deployments [Replacing the 881 router] to run Easy VPN back to our campus. We will have a couple of clients in the 'Inside' bridged ports that will reach out back to our main campus. A huge security flaw with EZVPN is that any Joe can take the firewall home and connect to our remote network, so we use MAC Filtering. A problem I have seen is that I don't see how MAC filtering can be applied to the BVI. The Cisco rep I have been emailing with has not been that helpful, either.

Is there some network magicks for this? The easy solution would be to not use a BVI and use a switch, but we want to replace switches with the free ports on the 5506-X.

Thanks in advance!



No comments:

Post a Comment