Limiting access to certain servers with a site to site vpn between two ASA devices

pbridges1
Level 1

We recently lost our Cisco admin and I have to set up a site-to-site VPN connection with another company, and I was looking at the site-to-site VPN wizard. This looks fairly self-explanatory, but I had a question: can I limit the access to a certain server, and can I do it through the wizard? Can I choose a server as the local network on step 5 (Hosts and Networks)? Will this accomplish what I am trying to do?

1 Reply

Marcin Latosiewicz
Cisco Employee

William,

You are free to limit the traffic selectors to whatever subnet/host/IP protocol/port you wish (both source and destination).

However, bear this in mind:

- Keep the ACLs as specific as possible

- Aggregate the ACLs whenever possible.

There is a balancing act to be done there. More access list entries will (potentially) mean more IPsec SAs, with all the good and bad things that come from that.

Another way of achieving what you're looking for is using the vpn-filter functionality.

http://www.cisco.com/en/US/docs/security/asa/command-reference/v.html#wp1842564

It allows you to associate an access list which will filter inbound traffic only.

M.
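The two mechanisms from the reply above, put together as an added ASA CLI example (constructed for this page, not configuration from the original thread or from Cisco). Every address, object name and ACL name is an assumption: the local server is 10.10.10.25 on the inside, the partner's LAN is 192.168.50.0/24, the partner's peer address is 203.0.113.10, and the tunnel should only carry HTTPS to that one server. The first part is what the wizard's "Hosts and Networks" step produces when a single host is chosen as the local network (a crypto ACL that is the traffic selector); the second part adds a vpn-filter on the tunnel's group policy as a second, port-level layer.

```text
! Constructed example (not from the original post). Assumed values:
!   local server   10.10.10.25/32  (inside)
!   partner LAN    192.168.50.0/24
!   partner peer   203.0.113.10, reached via interface "outside"

object network LOCAL-APP-SERVER
 host 10.10.10.25
object network PARTNER-LAN
 subnet 192.168.50.0 255.255.255.0

! --- Traffic selector (crypto ACL) ---
! Too broad: picking the whole LAN in the wizard's Hosts and Networks step
! would generate something like the next line and expose every inside host.
!   access-list PARTNER-VPN-TRAFFIC extended permit ip 10.10.10.0 255.255.255.0 object PARTNER-LAN
! Scoped to the one server instead. Each ACE that sees traffic can negotiate
! its own pair of IPsec SAs, so keep this list short and aggregated.
access-list PARTNER-VPN-TRAFFIC extended permit ip object LOCAL-APP-SERVER object PARTNER-LAN

! NAT exemption so the server's real address is what crosses the tunnel
nat (inside,outside) source static LOCAL-APP-SERVER LOCAL-APP-SERVER destination static PARTNER-LAN PARTNER-LAN no-proxy-arp route-lookup

! --- IKEv1 / IPsec (values assumed; match them with the partner) ---
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ipsec ikev1 transform-set PARTNER-TS esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address PARTNER-VPN-TRAFFIC
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev1 transform-set PARTNER-TS
crypto map OUTSIDE-MAP interface outside
crypto ikev1 enable outside

! --- vpn-filter: second layer on top of the selector ---
! The filter ACL is written from the remote side's point of view:
! source = partner hosts, destination = local server. The selector above
! permits all IP between the two; this narrows it to TCP/443 only.
access-list PARTNER-VPN-FILTER extended permit tcp object PARTNER-LAN object LOCAL-APP-SERVER eq 443

group-policy PARTNER-GP internal
group-policy PARTNER-GP attributes
 vpn-filter value PARTNER-VPN-FILTER

tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy PARTNER-GP
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key REPLACE-WITH-SHARED-SECRET

! Verification once the tunnel is up:
!   show crypto ipsec sa peer 203.0.113.10   (one SA pair per matching ACE)
!   show run group-policy PARTNER-GP         (vpn-filter is attached)
```

The vpn-filter matters because an ASA permits decrypted VPN traffic past the interface ACLs by default (sysopt connection permit-vpn), so without it the crypto ACL alone decides what the partner can reach. Leaving the selector at host/any-IP granularity and doing the port restriction in the vpn-filter also keeps the number of IPsec SAs down, which is the balancing act the reply describes.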
