network access restriction on site to site VPN.

t4tauseef33
Level 1

Hi All,

I have created a site to site VPN between Site A and Site B.

10.0.0.0/8 <> 192.168.0.0/16.

I want to restrict one IP address 10.1.1.10 from Site A to communicate to Site B IP address 192.168.1.10. How can I do it on the site to site VPN? I know I can restrict it on the interface level on Site A, but for some reason I cannot apply it on Site A. I want to apply this restriction on Site B. Is there any solution for that? Your help will be appreciated.

1 Reply 1

t4tauseef33
Level 1

I got the solution. Thanks

access-list 103 extended deny tcp host 172.16.1.2 host 172.22.1.2 eq 80

!--- Access list 103 is created for the VPN Filter.

!--- This access list 103 filters/denies the request from the remote host(172.16.1.2)

!--- to the local WEB Server (172.22.1.2).

access-list 103 extended permit ip any any

group-policy filter internal

group-policy filter attributes

vpn-filter value 103

!--- Create the group policy (filter) and specify the access list number

!--- in the vpn filter command.

tunnel-group 10.20.20.1 general-attributes

default-group-policy filter

!--- Associate the group policy (filter) with the tunnel group.
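The same vpn-filter approach mapped onto the addresses in the question, for the Site B ASA. This is an added example, not part of the original posts; the names VPN-FILTER-SITEA and GP-SITEA are hypothetical and `<SITE-A-PEER-IP>` is a placeholder for the existing tunnel-group name.

```cisco
! Added example (not from the original thread). Apply on the Site B ASA.
!
! In a vpn-filter ACL the REMOTE (Site A) address always goes in the source
! position and the LOCAL (Site B) address in the destination position,
! regardless of which side initiates the connection.
access-list VPN-FILTER-SITEA extended deny ip host 10.1.1.10 host 192.168.1.10
!
! Permit only the rest of the tunnel's protected networks instead of
! "permit ip any any", so the filter never allows more than the tunnel should.
access-list VPN-FILTER-SITEA extended permit ip 10.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0
!
! Do not reuse this ACL in an interface access-group.
!
group-policy GP-SITEA internal
group-policy GP-SITEA attributes
 vpn-filter value VPN-FILTER-SITEA
!
! <SITE-A-PEER-IP> is a placeholder for the Site A peer address that names
! the existing LAN-to-LAN tunnel group.
tunnel-group <SITE-A-PEER-IP> general-attributes
 default-group-policy GP-SITEA
!
! The filter is bound to the session when the tunnel is negotiated, so an
! already-established tunnel must be torn down and rebuilt to pick it up.
clear crypto ipsec sa peer <SITE-A-PEER-IP>
!
! Verify: the hit count on the deny entry should increase when 10.1.1.10
! tries to reach 192.168.1.10.
show access-list VPN-FILTER-SITEA
```

If the tunnel group already references a group policy, add the `vpn-filter` line to that policy instead of switching to a new one. Clearing the SA briefly interrupts all traffic on the tunnel.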
