Limiting Incoming VPN traffic

gecko2207
Level 1

I have the following problem:

I have a VPN that I need to set up with a remote office. The purpose of this VPN is to be able to support the servers and PCs at the remote office, so the main office needs access to the whole IP range (i.e. 192.168.0.0 255.255.255.0). Now, while I want to be able to have full access from the main office to the remote office, I don't want the remote office to be able to access any of the machines at the main office.

My question is then, can I restrict the VPN traffic to only one way? If I have an outside_cryptomap_# access-list set up to allow the traffic over the VPN, can I then restrict it further by adding a deny in my outside_access_in access-list, or does it just skip those all together?


gecko2207
Level 1

To update...

The devices that will be terminating the VPN will be PIX 515s, software version 7.1(1). I need to be able to restrict with commands on the main office PIX because the remote office PIX is accessible by other technicians.

Collin Clark
VIP Alumni

The only way I have heard of ACL'ing VPN traffic on the same box as the VPN end point is to use a loopback interface and PBR. I've never done it though. A firewall of course could take care of it for you. Hopefully if there is a better way someone will post it.

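An added configuration example, not from either poster in this thread, showing how the interface ACL on the main office PIX 7.x can be made to apply to traffic arriving through the tunnel, so that sessions started from the remote office are refused while sessions started from the main office (and their replies) still pass. It assumes a main office LAN of 10.1.1.0/24 (constructed), the remote LAN 192.168.0.0/24 from the question, and a placeholder peer address.

```cisco
! Added example for the main office PIX 7.1(1); not from the thread.
! Assumptions: main LAN 10.1.1.0/24 (constructed), remote LAN 192.168.0.0/24
! (from the question), remote peer address is the placeholder <REMOTE_PEER_IP>.
!
! 1. Crypto ACL: selects "interesting" traffic for the tunnel. IPsec selectors
!    are symmetric, so this ACL alone cannot make the tunnel one-way.
access-list outside_cryptomap_10 extended permit ip 10.1.1.0 255.255.255.0 192.168.0.0 255.255.255.0
crypto map outside_map 10 match address outside_cryptomap_10
crypto map outside_map 10 set peer <REMOTE_PEER_IP>
crypto map outside_map 10 set transform-set ESP-AES-SHA
crypto map outside_map interface outside
!
! 2. By default PIX 7.x exempts decrypted VPN traffic from interface ACLs.
!    Disable that exemption so outside_access_in is consulted for tunnel
!    traffic as well. IKE (UDP 500) and ESP addressed to the PIX itself are
!    control-plane traffic and do not need entries in this through-traffic ACL.
no sysopt connection permit-vpn
!
! 3. Interface ACL on the outside: refuse new sessions from the remote LAN
!    toward the main LAN. The PIX is stateful, so packets belonging to a
!    connection the main office opened toward 192.168.0.0/24 match the
!    connection table first and are never evaluated against this deny.
!    Keep this line above any broad permits already in the list.
access-list outside_access_in extended deny ip 192.168.0.0 255.255.255.0 10.1.1.0 255.255.255.0 log
! ... existing outside_access_in entries follow ...
access-group outside_access_in in interface outside
!
! 4. ICMP is not connection-tracked unless ICMP inspection is enabled; without
!    it, echo replies from the remote LAN would hit the deny above. Add ICMP
!    inspection to the default global policy so pings from the main office work.
policy-map global_policy
 class inspection_default
  inspect icmp
```

Verify from the main office that a remote host is reachable, then confirm that a connection attempt from a remote host to a main office address is logged against the deny entry.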