Allow/Deny Ports over site2site vpn

jcw009
Level 1

Hi All,

I'm in the planning stages of setting up a site2site between my ASA5520 and the business partner's Checkpoint NGX60.

His config sheet specifies allowed ports (ICMP/HTTP) to traverse the VPN, in addition to the IPs/interesting traffic. Can I do the same with the ASA?

Thanks!


ggilbert
Cisco Employee

Hello,

Yes - you can do that using the command called vpn-filter under the group-policy.

What you need to do is:

a. Create a specific group-policy

b. Create a specific vpn-filter & the access-list

c. Apply the filter to the group-policy

d. Apply the group-policy to the tunnel-group.

Hope this helps.

Thanks

Gilbert
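
The four steps in the reply above, written out as an ASA configuration sketch for the ICMP/HTTP case in the question. This is an added example, not part of the original posts: the ACL and group-policy names and all addresses are constructed placeholders (10.10.10.0/24 as the local network, 192.0.2.0/24 as the partner network, 203.0.113.10 as the partner peer), and it assumes the crypto map and pre-shared key for the peer are configured separately.

```cisco
! Constructed placeholders (assumptions, not from the thread):
!   local network    10.10.10.0/24
!   partner network  192.0.2.0/24
!   partner peer     203.0.113.10
!
! Step b: the access-list the filter will use.
! In a vpn-filter ACL the REMOTE network is always the source and the
! LOCAL network is always the destination, whichever side starts the flow.
access-list PARTNER-VPN-FILTER extended permit icmp 192.0.2.0 255.255.255.0 10.10.10.0 255.255.255.0
! Partner hosts may reach HTTP servers on the local network.
access-list PARTNER-VPN-FILTER extended permit tcp 192.0.2.0 255.255.255.0 10.10.10.0 255.255.255.0 eq www
! Local hosts may reach HTTP servers on the partner network
! (the port goes on the remote side of the entry).
access-list PARTNER-VPN-FILTER extended permit tcp 192.0.2.0 255.255.255.0 eq www 10.10.10.0 255.255.255.0
! Everything else inside the tunnel is dropped by the implicit deny.
!
! Step a: a group-policy used only for this partner tunnel.
group-policy PARTNER-GP internal
!
! Step c: attach the filter to the group-policy.
group-policy PARTNER-GP attributes
 vpn-filter value PARTNER-VPN-FILTER
!
! Step d: attach the group-policy to the tunnel-group for the peer.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy PARTNER-GP
```

The filter is applied when the tunnel is established, so a change to the ACL or group-policy only affects the partner traffic after the tunnel has been brought down and renegotiated.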
