Hi all,

We can apply vpn-filter to a group policy and associate it to a tunnel-group. Here we can't specify the direction, which means that the ACL will be applied to inbound or outbound.

But I see that the ACL is effective for only inbound traffic, not outbound. With the following ACL, only inbound telnet is successful but the outbound fails:

    access-list mine2 extended permit tcp any any eq telnet
    group-policy mine internal
    group-policy mine attributes
     vpn-filter value mine2
    tunnel-group kingtunnel general-attributes
     default-group-policy mine
    tunnel-group kingtunnel ipsec-attributes
     peer-id-validate cert
     trust-point mine

Only if I configure the following are both inbound and outbound telnet successful:

    access-list mine2 extended permit tcp any any eq telnet
    access-list mine2 extended permit tcp any eq telnet any

This is really strange and not making sense.

With regards
Kings
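The behaviour described in the post is consistent with the ASA reading every vpn-filter ACE as remote side (source) to local side (destination), whichever end opens the connection. The following is an added example, not part of the original post, that models that matching in Python for the two ACLs above; the class and function names and the client port 40000 are constructed for illustration.

```python
"""Simplified model of vpn-filter ACE matching (added example, ports only)."""
from dataclasses import dataclass
from typing import Optional

TELNET = 23

@dataclass(frozen=True)
class Ace:
    # A vpn-filter ACE is read as: source = remote (tunnel) side, destination = local side.
    proto: str
    remote_port: Optional[int]  # None models "any" port
    local_port: Optional[int]

@dataclass(frozen=True)
class Flow:
    # First packet of a connection crossing the tunnel.
    direction: str  # "inbound" (remote -> local) or "outbound" (local -> remote)
    proto: str
    src_port: int
    dst_port: int

def permitted(acl, flow):
    # Normalise the packet to (remote port, local port) whatever its direction.
    if flow.direction == "inbound":
        remote, local = flow.src_port, flow.dst_port
    else:
        remote, local = flow.dst_port, flow.src_port
    for ace in acl:
        if (ace.proto == flow.proto
                and ace.remote_port in (None, remote)
                and ace.local_port in (None, local)):
            return True
    return False  # implicit deny at the end of the ACL

# access-list mine2 extended permit tcp any any eq telnet
ACE_TO_LOCAL_TELNET = Ace("tcp", None, TELNET)
# access-list mine2 extended permit tcp any eq telnet any
ACE_TO_REMOTE_TELNET = Ace("tcp", TELNET, None)

# Constructed sample flows; 40000 stands for an ephemeral client port.
INBOUND_TELNET = Flow("inbound", "tcp", 40000, TELNET)
OUTBOUND_TELNET = Flow("outbound", "tcp", 40000, TELNET)

def results(acl):
    return {f.direction: permitted(acl, f) for f in (INBOUND_TELNET, OUTBOUND_TELNET)}

if __name__ == "__main__":
    print("one ACE :", results([ACE_TO_LOCAL_TELNET]))
    print("two ACEs:", results([ACE_TO_LOCAL_TELNET, ACE_TO_REMOTE_TELNET]))
```

In this model the second ACE also matches an inbound connection whose source port is 23 towards any local port, so writing both ACEs with specific remote and local addresses instead of `any` limits what the filter opens.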
