07-26-2017 01:41 PM
Hi,
We have a L2L VPN configured and working well on our ASA 5520 firewall. We NAT all the traffic to one public IP and we are able to access everything at the remote site via the VPN tunnel.
Now, we want someone from the remote site to access one internal IP of our site. I don't know what access-list I need to implement and where I can apply that access-list.
Can anyone help me understand how this is going to work?
The traffic will arrive at the ASA on which interface? Do I need to apply an access-list on that interface? Do I need to no-NAT the destination IP, which is one of our internal IPs?
Thank you.
07-26-2017 09:31 PM
Hi,
You have two options:
1. Create a new tunnel group for the new remote site and make sure that only the specific IP is passed in the split tunnel ACL. This will prevent the remote site from connecting to other IPs.
2. You can create an ACL and assign it to the same group-policy in the ASA using the vpn-filter command. This ACL can allow access as required.
I would vote for method one.
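The two options above, written out as an added ASA configuration example (not from the original post or from Cisco documentation). Every name and address here is an assumption chosen for illustration: the internal host 10.10.10.25, the remote LAN 192.168.50.0/24, the peer 203.0.113.2, interfaces named inside and outside, an existing crypto map outside_map and transform set ESP-AES-SHA, and ASA 8.4+ syntax (twice NAT and ikev1 keywords). It also shows the identity NAT rule the question asks about, so the tunnel traffic is not translated to the public IP.

```cisco
! --- Assumed objects (constructed for this example) ---
object network LOCAL_SERVER
 host 10.10.10.25
object network REMOTE_LAN
 subnet 192.168.50.0 255.255.255.0

! --- Option 1: scope the tunnel itself ---
! The crypto ACL defines the interesting traffic. Only 10.10.10.25 <-> 192.168.50.0/24
! is encrypted; anything else from the remote site does not match an SA and is dropped.
! The remote peer's crypto ACL must be the exact mirror image of this one.
access-list L2L_SITEB_CRYPTO extended permit ip object LOCAL_SERVER object REMOTE_LAN
crypto map outside_map 20 match address L2L_SITEB_CRYPTO
crypto map outside_map 20 set peer 203.0.113.2
crypto map outside_map 20 set ikev1 transform-set ESP-AES-SHA
crypto map outside_map interface outside

! Identity (no-NAT) rule for the tunnel traffic. It must sort before the
! dynamic PAT rule that translates everything to the public IP, so it is
! placed at the top of section 1 with an explicit position of 1.
nat (inside,outside) 1 source static LOCAL_SERVER LOCAL_SERVER destination static REMOTE_LAN REMOTE_LAN no-proxy-arp route-lookup

tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key <pre-shared-key>

! --- Option 2: keep the existing tunnel scope, restrict with vpn-filter ---
! A vpn-filter ACL is written from the remote side's point of view:
! source = remote network, destination = local host. The ASA applies it to
! the tunnel in both directions. Here only HTTPS to the one host is allowed;
! the implicit deny at the end of the ACL blocks everything else.
access-list SITEB_VPN_FILTER extended permit tcp object REMOTE_LAN object LOCAL_SERVER eq 443
group-policy SITEB_GP internal
group-policy SITEB_GP attributes
 vpn-filter value SITEB_VPN_FILTER
tunnel-group 203.0.113.2 general-attributes
 default-group-policy SITEB_GP
```

Two checks worth doing after either option. First, `show nat` should list the identity rule above the PAT rule and show its translate_hits climbing when the remote site connects; if the hits stay at zero the PAT rule is matching first and the tunnel will not carry the traffic. Second, remember that `sysopt connection permit-vpn` is on by default, so decrypted tunnel traffic bypasses the outside interface ACL; that is why the restriction has to live in the crypto ACL or the vpn-filter rather than on the outside interface.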