Friday, June 8, 2018

ASA VTI - ACL on Interface or VPN Group Policy?

Hey there

We are affected by a bug on our ASA - CSCvi79999

The "workaround" is to apply ACLs to only allow specified traffic over the virtual tunnel interface.

This is more of an academic question. There appear to be 2 different ways to go about this.

One is ACLs applied in an access group on the virtual tunnel interface itself.

The other is to apply the ACLs in the form of a VPN-Filter in the tunnel group-policy configuration.

Is one better than the other? More effective? Different but equal?

Thanks!


