05-17-2007 07:53 AM - edited 03-11-2019 03:16 AM
I have an ASA 5520 7.2 (I bleieve)
I am allowing an Ipsec tunnel thru this firewall, but the ASA itself is not an endpoint for this tunnel. Is it possible to filter the traffic that goes thru the tunnel and if so how?
All I really want to do is limit the devices allowed to use this tunnel ie allow IP 1 to IP 2 and drop everything else.
Thanks in advance.
05-17-2007 08:09 AM
Could you explain, is the vpn client inside or outside the firewall? What is the endpoint? As long as you don't want to filter traffic once the tunnel is established you should be able write a simple access-list to restrict which ip addresses are able to vpn. Also, is this remote access or lan to lan?
05-17-2007 09:12 AM
This is a lan to lan static tunnel.
Filtering traffic that is traveling thru the established tunnel is what I am trying to accomplish.
The endpoints are 2 devices by a company called SonicWall. The tunnel simply passes thru my firewall and I don't have access to the other devices to insure the security I desire.
05-18-2007 09:37 AM
Chris
If an encrypted VPN site to site tunnel is passing through your firewall I do not know of any way that you can examine or filter that traffic. Part of the purpose of IPSec VPN is that no intermediate device along the VPN path can see the data being transported.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: