Hey folks,
I'm trying to see whether or not I'm able to limit specific traffic in/out of a cryptomap from a S2S VPN similar to an access rule on a Cisco ASA.
When you look at the Access Rules in ASDM the cryptomaps are not even visible/available. If you look under Advanced > ACL Manager the cryptomaps are visible with all current access rules but you cannot implement direction. You also see them under your Access Rules in running-config but with no in/out direction.
Is it not possible to limit what traffic you receive from a S2S VPN on a Cisco ASA? The traffic seems to bypass the firewall entirely (I don't have sysopt connection permit-vpn enabled).
I'm aware you identify interesting traffic to shove through the VPN tunnel, but I'm mainly concerned with limiting traffic received on the ASA. It would be easier for me to manage this way considering we have 9 remote sites.
I appreciate anyone who can shed some light on this for me. I'm sure there's a way, but I'm just not sure how to do it.