04-15-2010 09:33 AM
Hi,
I am creating a VPN tunnel between an ASA and a Cisco VPN Concentrator 3000. I have control of the VPN Concentrator.
I have allowed IP traffic for the interesting traffic on the tunnel. I am looking for an ACL filter on the tunnel in the inbound direction. Our network is 20.x.x.x and the client ASA network is 10.x.x.x.
I am a little bit confused by the Concentrator. I have allowed the inbound subnet 10.x.x.x to reach our network 20.x.x.x on port 80. Should I also allow the reverse traffic in the outbound direction? Please help.
04-15-2010 11:20 AM
Hi,
Under the group you create the appropriate filter to allow only the desired traffic.
How have you set it up?
What's the result? The filter is not working?
Federico.
04-15-2010 11:47 AM
I have allowed interesting traffic with whole IP for the source and destination subnets; that is OK. This is not my concern, so there is no problem in the tunnel configuration.
I am looking for a filter such that the remote network 10.x.x.x can only browse our network 20.x.x.x for HTTP requests. I have applied the filter in the inbound direction. My concern is, should I open the reverse traffic in the outbound direction also?
04-15-2010 12:06 PM
It's been a while since the last concentrator, but I remember that you should permit HTTP in both directions.
So, you create an inbound and an outbound filter to allow the web transactions between those IPs.
Have you tested the filter already?
Federico.
04-15-2010 12:10 PM
So one ACL will be:
INBOUND: source 10.x.x.x, source port any, destination 20.x.x.x, destination port 80
OUTBOUND: source 20.x.x.x, source port 80, destination 10.x.x.x, destination port any
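
Added example (not part of the thread and not Cisco code): a small Python model of the two rules in the last post, assuming the tunnel filter judges every packet on its own and drops anything no rule matches, as the replies above imply. The networks 10.0.0.0/8 and 20.0.0.0/8 and all host addresses are constructed stand-ins for the thread's 10.x.x.x and 20.x.x.x.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = None  # wildcard for a port field

# Constructed stand-ins for the thread's 10.x.x.x / 20.x.x.x networks.
REMOTE, LOCAL = "10.0.0.0/8", "20.0.0.0/8"


@dataclass(frozen=True)
class Rule:
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

    def matches(self, pkt):
        """pkt is (src_ip, src_port, dst_ip, dst_port)."""
        s, sp, d, dp = pkt
        return (ip_address(s) in ip_network(self.src)
                and ip_address(d) in ip_network(self.dst)
                and self.sport in (ANY, sp)
                and self.dport in (ANY, dp))


# The two rules from the last post.
INBOUND = [Rule(REMOTE, ANY, LOCAL, 80)]
OUTBOUND = [Rule(LOCAL, 80, REMOTE, ANY)]


def permitted(rules, pkt):
    """Stateless evaluation: no connection tracking, no match means drop."""
    return any(r.matches(pkt) for r in rules)


def http_exchange(inbound, outbound, client, cport, server):
    """Return (request_passes, reply_passes) for one HTTP request/response."""
    request = (client, cport, server, 80)
    reply = (server, 80, client, cport)  # reply swaps addresses and ports
    return permitted(inbound, request), permitted(outbound, reply)


if __name__ == "__main__":
    args = ("10.1.1.5", 49152, "20.1.1.10")
    print("both rules:   ", http_exchange(INBOUND, OUTBOUND, *args))
    print("inbound only: ", http_exchange(INBOUND, [], *args))
    # Caveat: matching on ports alone cannot tell a reply from a new flow
    # that a 20.x host sources from port 80, so review that rule's scope.
    print("src-port-80 flow:", permitted(OUTBOUND, ("20.1.1.10", 80, "10.1.1.5", 8080)))
```

With only the inbound rule the request is accepted but the server's reply is dropped, which is why the outbound rule with source port 80 is needed under this assumption.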