
New Member

Limited access over STS Tunnel

Hello Experts,

I need some assistance to provide limited access from remote to local machines over an STS Tunnel. The STS Tunnel is established between two sites and I want the remote machines to be able to access only a few machines on specific ports.

Let's say 192.168.0.0/24 is the subnet of the local site and 192.168.10.0/24 is the subnet of the remote location, and now I want only tcp/9001 to be allowed from remote to local machines and tcp/8001 to be allowed from local to remote machines.

For this, I have allowed the traffic in the crypto map access lists but exempted the network from source to destination on the Inside interface, and it's working in the correct manner. But if somebody allows the IP protocol at the remote firewall in the crypto access list, then the remote machines would have complete access to the local machines that I want to restrict, and I need your assistance on this.

Thanks.

2 REPLIES
Silver

Limited access over STS Tunnel

Hi Ray,

The best way to restrict the traffic across the VPN is to configure vpn-filters.

You can get more information regarding vpn-filters from the following link:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml#configss

Please let me know if it helps.

Regards,

Naresh

Cisco Employee

Limited access over STS Tunnel

Hi Ray,

Naresh is absolutely right.

The best way to restrict the access on the basis of port is a VPN filter.

Please go through the link that Naresh has provided, and if you have any questions please feel free to contact me.

Thanks

Jeet
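A worked ASA configuration for the vpn-filter approach recommended in both replies, added here as an illustration and not taken from the thread or from the linked Cisco document. It uses the two subnets and two ports from the question; the ACL name VPN_FILTER, the group-policy name L2L_POLICY and the peer address 203.0.113.2 are assumed placeholders. The point worth noticing is the direction convention: a vpn-filter ACL is always written with the remote (peer) network as source and the local network as destination, and the same line is evaluated for traffic in both directions, so a port that the local side initiates to the remote side is expressed as a remote source port.

```text
! Added example (not from the thread). Local LAN 192.168.0.0/24, remote LAN 192.168.10.0/24.
! Names VPN_FILTER / L2L_POLICY and peer 203.0.113.2 are placeholders.

! --- Interesting traffic for the tunnel stays broad; the filter does the restricting ---
access-list L2L_CRYPTO extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0

! --- vpn-filter: source = remote network, destination = local network, both directions ---
! remote -> local, destination port tcp/9001
access-list VPN_FILTER extended permit tcp 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0 eq 9001
! local -> remote, destination port tcp/8001 (seen by the filter as remote SOURCE port 8001)
access-list VPN_FILTER extended permit tcp 192.168.10.0 255.255.255.0 eq 8001 192.168.0.0 255.255.255.0
! anything else decrypted from this peer is dropped by the ACL's implicit deny

! --- Bind the filter to the site-to-site peer through a group policy ---
group-policy L2L_POLICY internal
group-policy L2L_POLICY attributes
 vpn-filter value VPN_FILTER

tunnel-group 203.0.113.2 general-attributes
 default-group-policy L2L_POLICY
```

Because the filter is applied to decrypted traffic on the local ASA, it holds even if the remote administrator later widens their crypto ACL to `permit ip`, which is exactly the exposure described in the question. The ASA is stateful, so permitting the initiating direction of a TCP connection is enough; return packets are matched by the existing connection. Verification from the CLI can be done with packet-tracer in each direction, for example `packet-tracer input inside tcp 192.168.0.10 1025 192.168.10.10 8001` for local-to-remote, and with the same command using a port that is not in the filter to confirm it is dropped.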
