Technical Manual for Cisco ASA 5545-X Adaptive Security Appliance

Contents
Introduction
Prerequisites
Requirements
Components Used
Background Information
Configure
Example 1. vpn-filter with AnyConnect or VPN Client
Example 2. vpn-filter with L2L VPN Connection
VPN Filters and per-user-override access-groups
Verify
Troubleshoot
Introduction
This document describes VPN filters in detail and applies to LAN-to-LAN (L2L), the Cisco VPN
Client, and the Cisco AnyConnect Secure Mobility Client.
Filters consist of rules that determine whether to allow or reject tunneled data packets that come
through the security appliance, based on criteria such as source address, destination address, and
protocol. You configure Access Control Lists (ACLs) in order to permit or deny various types of
traffic. The filter can be configured on the group policy, username attributes, or Dynamic Access
Policy (DAP).
DAP supersedes the value configured under both username attributes and group policy. The
username attribute value supersedes the group policy value in case DAP does not assign any
filter.
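The precedence described above can be checked against a configuration backup. The following is an added example, not part of the original Cisco document: it reads the group-policy and username attribute blocks of a constructed running-config excerpt and reports which filter ACL applies to each user. It assumes users are bound to a group policy with vpn-group-policy, treats "vpn-filter none" as an explicit unfiltered setting, and takes any DAP-assigned ACL as an argument because DAP results are not visible in these blocks. All policy, user, and ACL names are hypothetical.

```python
import re

# Constructed running-config excerpt (hypothetical names, not from the document).
SAMPLE_CONFIG = """\
group-policy RA-POLICY internal
group-policy RA-POLICY attributes
 vpn-filter value GP-FILTER
 vpn-tunnel-protocol ssl-client
username alice password ***** encrypted
username alice attributes
 vpn-group-policy RA-POLICY
 vpn-filter value ALICE-FILTER
username bob attributes
 vpn-group-policy RA-POLICY
username carol attributes
 vpn-group-policy RA-POLICY
 vpn-filter none
"""

HEADER = re.compile(r"^(group-policy|username) (\S+) attributes\s*$")
ATTR = re.compile(r"^\s+(vpn-filter|vpn-group-policy)\s+(\S.*)$")

def parse_attributes(config):
    """Return {(kind, name): {attribute: raw value}} for each attributes block."""
    blocks, current = {}, None
    for line in config.splitlines():
        header, attr = HEADER.match(line), ATTR.match(line)
        if header:
            current = blocks.setdefault(header.groups(), {})
        elif attr and current is not None:
            current[attr.group(1)] = attr.group(2).strip()
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the block
    return blocks

def _acl(raw):
    """'value NAME' -> NAME; 'none' -> None (explicitly no filter)."""
    parts = raw.split()
    return parts[1] if parts[0] == "value" and len(parts) > 1 else None

def effective_filter(blocks, user, dap_acl=None):
    """Resolve (source, acl) in the order DAP, username attributes, group policy."""
    if dap_acl:
        return ("dap", dap_acl)
    user_attrs = blocks.get(("username", user), {})
    if "vpn-filter" in user_attrs:
        return ("username", _acl(user_attrs["vpn-filter"]))
    policy_attrs = blocks.get(("group-policy", user_attrs.get("vpn-group-policy")), {})
    if "vpn-filter" in policy_attrs:
        return ("group-policy", _acl(policy_attrs["vpn-filter"]))
    return ("unset", None)
```

A result of ("username", None), as for carol in the sample, marks an account whose own attributes remove the filter the group policy would otherwise apply, which is worth reviewing in an audit.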
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
L2L VPN tunnels configuration
VPN Client Remote Access (RA) configuration
AnyConnect RA configuration
Components Used
The information in this document is based on the Cisco 5500-X Series Adaptive Security
Appliance (ASA) Version 9.1(2).
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is