467 Views · 0 Helpful · 3 Replies

Unidirectional IPsec L2L on ASA 5520

jwilson
Level 1

We have a partner company that we will be doing some network monitoring for. For connectivity, we have configured an L2L IPsec VPN between our ASA 5520 and their ASA 5510, which works fine. I want to restrict the tunnel such that only return traffic from the partner network comes back to us. Is there any way to accomplish this?

3 Replies

jwilson
Level 1

I'll expand on this since no one's responded yet. The IPsec tunnel is up and working fine. What is being asked of me is to configure it to behave like a NAT firewall - that is, we will be able to hit them, but only our return traffic will be allowed back in. I've played with the filters a bit, which sort of works, but still does not do what we want.

What about turning off sysopt ipsec and setting up ACLs on the access-list you have applied to your outside interface?

I have not tried that. Does that make it so IPsec tunnels do not bypass the access list?
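What the approach in the second reply looks like on an ASA, as an added example rather than configuration posted in the thread. The 10.10.10.0/24 monitoring subnet, the 192.168.50.0/24 partner subnet and the ACL names are constructed placeholders; the point is that once decrypted tunnel traffic is subject to the outside ACL, the ASA's stateful connection table alone admits the replies to sessions opened from inside.

```cisco
! Added example, not from the thread. Addresses and ACL names are placeholders.
!
! 1. By default "sysopt connection permit-vpn" lets decrypted IPsec traffic
!    bypass interface ACLs. Turn that off so tunnel traffic is inspected like
!    any other traffic arriving on the outside interface.
no sysopt connection permit-vpn
!
! 2. Inbound ACL on the outside interface. Nothing here permits the partner
!    network to reach us, so they cannot initiate sessions through the tunnel.
!    Return packets for connections our monitoring hosts open are matched by
!    the stateful connection table and need no permit entry. The explicit deny
!    with "log" makes any attempt from the partner side visible in syslog.
access-list OUTSIDE_IN extended deny ip 192.168.50.0 255.255.255.0 10.10.10.0 255.255.255.0 log
! ... keep any existing permits for Internet-facing services here ...
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! 3. Optional: restrict what we send into the tunnel from the inside.
access-list INSIDE_IN extended permit ip 10.10.10.0 255.255.255.0 192.168.50.0 255.255.255.0
access-group INSIDE_IN in interface inside
!
! Note: IKE (UDP/500, UDP/4500) and ESP addressed to the ASA itself are
! to-the-box traffic and are not filtered by interface ACLs, so the tunnel
! still negotiates normally after this change.
!
! Verify: hit counts on the deny line, and the SA still passing traffic.
show access-list OUTSIDE_IN
show crypto ipsec sa
```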
