network access restriction on site to site VPN.

Unanswered Question
Apr 7th, 2009

Hi All,

I have created a site to site VPN between site A and Site B.

I want to restrict one IP address from Site A from communicating to a site B IP address. How can I do it on the site to site VPN? I know I can restrict it on the interface level on site A, but for some reason I cannot apply it on site A. I want to apply this restriction on site B. Is there any solution for that? Your help will be appreciated.

t4tauseef33 Tue, 04/07/2009 - 06:32

I got the solution. Thanks

access-list 103 extended deny tcp host host eq 80
!--- Access list 103 is created for the VPN Filter.
!--- This access list 103 filters/denies the request from the remote host(
!--- to the local WEB Server (
access-list 103 extended permit ip any any

group-policy filter internal
group-policy filter attributes
vpn-filter value 103
!--- Create the group policy (filter) and specify the access list number
!--- in the vpn filter command.

tunnel-group general-attributes
default-group-policy filter
!--- Associate the group policy (filter) with the tunnel group.
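
A filled-in version of the vpn-filter approach posted above, added here as an example and not part of the original thread. All addresses are constructed documentation values (192.0.2.10 as the Site A host, 198.51.100.20 as the Site B host, 203.0.113.1 as the Site A peer used as the tunnel-group name); it is meant for the Site B ASA and denies all IP between the two hosts rather than only TCP port 80.

```cisco
! Constructed example for the Site B ASA; every address is a placeholder.
! In a vpn-filter ACL the remote (Site A) host goes in the source position
! and the local (Site B) host in the destination position.
access-list 103 extended deny ip host 192.0.2.10 host 198.51.100.20
! All other traffic through the tunnel stays permitted.
access-list 103 extended permit ip any any
!
group-policy filter internal
group-policy filter attributes
 vpn-filter value 103
!
! Assumption: the site-to-site tunnel group is named after the peer
! address, here 203.0.113.1.
tunnel-group 203.0.113.1 general-attributes
 default-group-policy filter
!
! The filter is attached when the tunnel is negotiated, so rebuild the
! existing SA after a change, then check the hit count on the deny line.
clear crypto ipsec sa peer 203.0.113.1
show access-list 103
```

An ACL used as a vpn-filter should not also be bound to an interface with access-group.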

