
Cisco ASA 5520 8.3 w/ ASDM 6.4 Filter VPN Traffic to certain subnets

gregorysieg
Level 1

Hello,

I am trying to find documentation on filtering VPN traffic on a Cisco ASA 5520. I have found limited documentation that seems to be more related to older versions or even "PIX" devices and doesn't seem to match up with what I have. Basically I have 2 vendors that would like VPN access into my network for easier access to their devices. Each vendor has a specific VLAN they are assigned to, so I wanted to just give them full access to that address range and nothing else. Any help would be greatly appreciated.

Thanks

3 Replies

Julio Carvajal
VIP Alumni

Hello,

What kind of VPN are you going to use: site-to-site, remote access IPsec, or AnyConnect?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Yes, sorry, I am trying to set up a remote access session, most likely SSL/AnyConnect.

Hi,

There are at least 3 ways to do what you are trying to achieve.

  • You can use split-tunneling to define the networks visible/usable for the remote user in the group-policy of the VPN connections.
  • You can use a VPN filter access-list to define what traffic you want to allow to the mentioned networks (if you don't want to allow all traffic).
  • You can make the ASA behave so that all connections coming from the OUTSIDE interface will be checked against the OUTSIDE interface access-list (even the VPN Client or L2L VPN connections). Personally I like to use this option.

Do you have any existing VPN connections on the ASA at the moment?

I don't have a link to the documentation at the moment, though I think I could find you one. I can also give you example configurations if you need.

- Jouni
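The three options listed in the reply above, sketched for one vendor as an added example (not configuration posted by anyone in this thread), using ASA 8.3 syntax. All names, the client pool 10.99.1.0/24, the vendor VLAN 10.10.20.0/24 and the interface name `outside` are constructed assumptions; NAT exemption and AnyConnect image/enable commands are not shown.

```cisco
! --- Constructed addressing (assumptions) ---
! Vendor A VPN clients: 10.99.1.0/24   Vendor A VLAN: 10.10.20.0/24
ip local pool VENDOR-A-POOL 10.99.1.10-10.99.1.50 mask 255.255.255.0

! Option 1: split tunneling. Only the vendor VLAN is routed into the tunnel.
! This controls client routing; it is not an enforcement point by itself.
access-list VENDOR-A-SPLIT standard permit 10.10.20.0 255.255.255.0

! Option 2: VPN filter. Enforced on the ASA for this group only.
! In a vpn-filter ACL the source is the remote side (client pool) and the
! destination is the local network. The explicit deny is only there to log.
access-list VENDOR-A-FILTER extended permit ip 10.99.1.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list VENDOR-A-FILTER extended deny ip any any log

group-policy VENDOR-A-GP internal
group-policy VENDOR-A-GP attributes
 vpn-tunnel-protocol svc
 address-pools value VENDOR-A-POOL
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VENDOR-A-SPLIT
 vpn-filter value VENDOR-A-FILTER

tunnel-group VENDOR-A type remote-access
tunnel-group VENDOR-A general-attributes
 default-group-policy VENDOR-A-GP
tunnel-group VENDOR-A webvpn-attributes
 group-alias VendorA enable

! Option 3 (alternative to the vpn-filter): stop VPN traffic from bypassing
! interface ACLs. This is a global setting and applies to every VPN
! terminating on the ASA, including existing L2L tunnels, so their traffic
! must also be permitted in the interface ACL before the change.
! OUTSIDE-IN stands for whatever ACL is bound to the outside interface.
no sysopt connection permit-vpn
access-list OUTSIDE-IN extended permit ip 10.99.1.0 255.255.255.0 10.10.20.0 255.255.255.0
access-group OUTSIDE-IN in interface outside
```

A second vendor gets its own pool, ACLs, group-policy and tunnel-group in the same pattern, so each vendor's clients can reach only their own VLAN.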
