Security Policies ASA 5505

15 years 9 months ago #29014 by skepticals
I know someone else here has experience with this. Hopefully they will say something...
15 years 9 months ago #29023 by Smurf
How are you configuring this? Through the CLI or GUI?

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
15 years 9 months ago #29030 by timparker
Mainly through the GUI. I have gone in from time to time and done stuff through the CLI. Just curious why?
15 years 9 months ago #29034 by Smurf
Was just wondering. I don't do Cisco anymore and I have never used the GUI, and some of what you were describing sounded like you were using the GUI.

The basics for setting this up would be:

1. Set up the VPN access (which I believe is working OK)
2. Set up a NoNAT policy for the DHCP address that you have used for the VPN clients
3. Allow access required. (Now, by default I believe the ASA allows all VPN traffic to bypass any access-list filtering. You need to issue the following command to disable this behaviour)

[code]no sysopt connection permit-vpn[/code]

Unfortunately, I have never done this myself though, but that's the steps I would take.

Cheers

Wayne

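The three steps in the post above as an ASA CLI sketch, added here as an illustration and not written by anyone in the thread. It assumes pre-8.3 NAT syntax, and every name and address is constructed: inside LAN 192.168.1.0/24, VPN client pool 10.10.10.0/24, interfaces named inside and outside, ACLs named NONAT and OUTSIDE_IN, and a hypothetical internal host 192.168.1.10.

```cisco
! Added example, not from the thread. All names and addresses are constructed.
! Assumes ASA software older than 8.3 (nat 0 with an access-list for NAT exemption).

! Step 2: exempt traffic between the inside LAN and the VPN client pool from NAT
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Step 3: stop decrypted VPN traffic from bypassing interface access-lists
no sysopt connection permit-vpn

! With the bypass disabled, decrypted traffic from the VPN pool is checked by the
! ACL applied inbound on the interface that terminates the tunnel (outside here).
! Permit only what the clients need; the implicit deny drops the rest.
! An interface takes one inbound ACL: if outside already has one (for example for
! published DMZ servers), add these lines to that ACL instead of binding a new one.
access-list OUTSIDE_IN extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq 3389
access-list OUTSIDE_IN extended permit udp 10.10.10.0 255.255.255.0 host 192.168.1.10 eq domain
access-group OUTSIDE_IN in interface outside

! Verify: confirm the sysopt setting, then watch hit counts while a client connects
show running-config sysopt
show access-list OUTSIDE_IN
```

Apply the permit lines before disabling the bypass on a unit carrying live traffic, otherwise connected VPN clients lose access until the ACL is in place.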
15 years 9 months ago #29041 by timparker
Thanks. I have it pretty much working now I think. Yesterday I moved our Web and mail server to the DMZ interface that I set up. Now I am looking at the NAT and Access that is needed for everyone.

Trying to make sure I get it all right. Got to be careful with the unit now that I have actual traffic rolling through it.

:o)
15 years 9 months ago #29043 by Smurf
No worries, glad it's all working. I will be getting hold of a Pix515 shortly so hopefully I will find some time to do testing in future :)

TTFN

Wayne
