Cisco ASA 5540 Adaptive Security Appliance Technical Manual

255.255.255.0 eq 23 also allows the local network to initiate a connection to the RA client on
any TCP port if it uses a source port of 23. 
This ACE allows the local network to Telnet to the AnyConnect client:
Note: The ACE access-list vpnfilt-ra permit tcp 10.10.10.1 255.255.255.255 eq
23 192.168.1.0 255.255.255.0 also allows the RA client to initiate a connection to the local
network on any TCP port if it uses a source port of 23.
Caution: The vpn-filter feature allows for traffic to be filtered in the inbound direction only
and the outbound rule is automatically compiled. Therefore, when you create an Internet
Control Message Protocol (ICMP) access-list, do not specify the ICMP type in the access-list
formatting if you want directional filters.
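The bidirectional side effect described in the Note above can be checked mechanically before an ACE is deployed. The following Python model is an added example, not part of the Cisco document: it covers only the `permit tcp NET MASK [eq PORT]` form with numeric ports shown on this page and evaluates only the first packet of a connection attempt. The names parse_ace, permits and open_initiator are hypothetical, and the sample flows in it are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    """One 'permit tcp' vpn-filter ACE; the remote side is written first."""
    remote: ipaddress.IPv4Network
    remote_port: Optional[int]  # None means any port
    local: ipaddress.IPv4Network
    local_port: Optional[int]

def parse_ace(line: str) -> Ace:
    """Parse 'access-list NAME permit tcp NET MASK [eq PORT] NET MASK [eq PORT]'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2:4] != ["permit", "tcp"]:
        raise ValueError("only 'permit tcp' ACEs are modelled")
    sides, i = [], 4
    for _ in range(2):
        net = ipaddress.IPv4Network(f"{tok[i]}/{tok[i + 1]}")
        i += 2
        port = None
        if i < len(tok) and tok[i] == "eq":
            port, i = int(tok[i + 1]), i + 2
        sides.append((net, port))
    return Ace(sides[0][0], sides[0][1], sides[1][0], sides[1][1])

def permits(ace, initiator, src, sport, dst, dport) -> bool:
    """Would the filter pass this TCP connection attempt?"""
    if initiator == "local":
        # Outbound traffic is checked against the automatically compiled
        # mirror of the ACE, which equals swapping the packet's two ends.
        src, sport, dst, dport = dst, dport, src, sport
    return (ipaddress.IPv4Address(src) in ace.remote
            and ace.remote_port in (None, sport)
            and ipaddress.IPv4Address(dst) in ace.local
            and ace.local_port in (None, dport))

def open_initiator(ace) -> Optional[str]:
    """Side that can open connections to any port by fixing its source port."""
    if ace.remote_port is not None and ace.local_port is None:
        return "remote"
    if ace.local_port is not None and ace.remote_port is None:
        return "local"
    return None

# ACE quoted in the Note above; the flows used to exercise it are constructed.
RA_ACE = parse_ace("access-list vpnfilt-ra permit tcp 10.10.10.1 "
                   "255.255.255.255 eq 23 192.168.1.0 255.255.255.0")
```

Running open_initiator over every ACE in a vpn-filter access-list flags the entries where one side carries a port and the other does not, which are the ones that need review.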
Example 2. vpn-filter with L2L VPN Connection
Assume that the remote network is 10.0.0.0/24 and the local network is 192.168.1.0/24.
This ACE allows the remote network to Telnet to the local network:
Note: The ACE access-list vpnfilt-l2l permit tcp 10.0.0.0 255.255.255.0 192.168.1.0