12-11-2007 05:02 PM - edited 02-21-2020 01:49 AM
We have a partner company that we will be doing some network monitoring for. For connectivity, we have configured an L2L IPsec VPN between our ASA 5520 and their ASA 5510, which works fine. I want to restrict the tunnel such that only return traffic from the partner network comes back to us. Is there any way to accomplish this?
01-02-2008 10:58 AM
I'll expand on this since no one's responded yet. The IPsec tunnel is up and working fine. What is being asked of me is to configure it to behave like a NAT firewall - that is, we will be able to hit them, but only our return traffic will be allowed back in. I've played with the filters a bit, which sort of works, but still does not do what we want.
01-16-2008 09:31 AM
What about turning off sysopt ipsec and setting up ACLs on the access-list you have applied to your outside interface?
01-23-2008 09:56 AM
I have not tried that. Does that make it so IPsec tunnels do not bypass the access list?
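The approach suggested in this thread, sketched as an ASA configuration fragment (an added example, not posted by any participant). It assumes the thread's "sysopt ipsec" refers to `sysopt connection permit-vpn` (named `sysopt connection permit-ipsec` on ASA 7.0 and PIX), that the tunnel terminates on the interface named `outside`, and it uses constructed addresses and a hypothetical ACL name.

```cisco
! Constructed addressing (assumption, not from the thread):
!   10.10.0.0/24 = our monitoring network behind the ASA 5520
!   192.0.2.0/24 = partner network behind the ASA 5510
! OUTSIDE_IN is a hypothetical name for the ACL already applied inbound
! on the outside interface.

! Default behaviour: decrypted tunnel traffic bypasses interface ACLs.
!   sysopt connection permit-vpn
! Check the current state with: show running-config all sysopt

! Make decrypted VPN traffic subject to the outside interface ACL.
! This setting is global: it applies to every tunnel terminating on
! this ASA, so other L2L and remote-access VPNs then need explicit
! permit entries in the same ACL.
no sysopt connection permit-vpn

! Deny and log connections initiated from the partner network toward us.
! Replies to sessions we open match an existing connection entry and are
! not evaluated against this ACL.
access-list OUTSIDE_IN extended deny ip 192.0.2.0 255.255.255.0 10.10.0.0 255.255.255.0 log

! Apply (or keep applied) the ACL inbound on the outside interface.
access-group OUTSIDE_IN in interface outside
```

ICMP is not tracked as a connection unless ICMP inspection is enabled, so ping-based monitoring needs either `inspect icmp` in the policy map or an explicit permit for echo-reply ahead of the deny.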