Anyone know much about Cisco IPSEC VPN Filters? They don't appear to work like a regular ACL.
First of all, I have the VPN Filter assigned and working. From what I can gather, the ACLs are bi-directional with only one ACE entry. What I'm noticing, though, is that Deny doesn't seem to take precedence over allow no matter what order you put the ACEs in.
I also read that when specifying ACLs for VPN filters you should specify the remote network first.
E.g.
ACE Denying 192.168.1.10 -> 192.168.2.0/24
ACE Allowing 192.168.1.0/24 (Remote Network) -> 192.168.2.0/24 (Local)
Even though the Deny is first, because I have the bi-directional allow all rule the deny does nothing.
Anyone have more experience with VPN filters that might be able to clarify?