05-17-2007 07:53 AM - edited 03-11-2019 03:16 AM
I have an ASA 5520 7.2 (I bleieve)
I am allowing an Ipsec tunnel thru this firewall, but the ASA itself is not an endpoint for this tunnel. Is it possible to filter the traffic that goes thru the tunnel and if so how?
All I really want to do is limit the devices allowed to use this tunnel ie allow IP 1 to IP 2 and drop everything else.
Thanks in advance.
05-17-2007 08:09 AM
Could you explain, is the vpn client inside or outside the firewall? What is the endpoint? As long as you don't want to filter traffic once the tunnel is established you should be able write a simple access-list to restrict which ip addresses are able to vpn. Also, is this remote access or lan to lan?
05-17-2007 09:12 AM
This is a lan to lan static tunnel.
Filtering traffic that is traveling thru the established tunnel is what I am trying to accomplish.
The endpoints are 2 devices by a company called SonicWall. The tunnel simply passes thru my firewall and I don't have access to the other devices to insure the security I desire.
05-18-2007 09:37 AM
Chris
If an encrypted VPN site to site tunnel is passing through your firewall I do not know of any way that you can examine or filter that traffic. Part of the purpose of IPSec VPN is that no intermediate device along the VPN path can see the data being transported.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide