Unidirectional IPsec L2L on ASA 5520

Unanswered Question

We have a partner company that we will be doing some network monitoring for. For connectivity, we have configured an L2L IPsec VPN between our ASA 5520 and their ASA 5510, which works fine. I want to restrict the tunnel such that only return traffic from the partner network comes back to us. Is there any way to accomplish this?


I'll expand on this since no one's responded yet. The IPsec tunnel is up and working fine. What is being asked of me is to configure it to behave like a NAT firewall - that is, we will be able to hit them, but only our return traffic will be allowed back in. I've played with the filters a bit, which sort of works, but still does not do what we want.

aacquanit Wed, 01/16/2008 - 09:31

What about turning off sysopt ipsec and setting up ACLs on the access-list you have applied to your outside interface?
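A sketch of the approach suggested in the reply above, added here as an illustration and not posted by anyone in the thread. The networks (10.1.0.0/16 as our inside, 192.168.50.0/24 as the partner side) and the ACL name OUTSIDE_IN are constructed placeholders, and the existing L2L crypto map is assumed to stay as it is.

```cisco
! Constructed example: addresses and the ACL name are placeholders.
!
! Stop decrypted VPN traffic from bypassing interface ACLs.
! This is a global setting: it affects every tunnel terminating on
! this ASA, so other VPN peers and remote-access users then also
! need explicit permits in the outside ACL.
! (Older software names this command "sysopt connection permit-ipsec".)
no sysopt connection permit-vpn
!
! Log and drop anything the partner network initiates toward us.
! Place this above any broader permit that could match the same
! traffic; ACL entries are evaluated top-down, first match wins.
access-list OUTSIDE_IN extended deny ip 192.168.50.0 255.255.255.0 10.1.0.0 255.255.0.0 log
!
! The ACL bound inbound on the outside interface now applies to
! decrypted tunnel traffic as well.
access-group OUTSIDE_IN in interface outside
!
! TCP/UDP replies to sessions we open are matched against the
! connection table and never reach the ACL. ICMP is not tracked
! unless inspected, so enable inspection for ping-based monitoring
! instead of permitting echo-reply in the ACL.
policy-map global_policy
 class inspection_default
  inspect icmp
```

With this in place, `show access-list OUTSIDE_IN` gives hit counts on the deny entry, which confirms whether the partner side is attempting to initiate connections across the tunnel.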

