Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Site-to-site VPN One way access?

Hi

We have a Cisco ASA 5510 at our main office that makes connection with a 5505 at our other office using site to site VPN. (works)

Now for the qeustion,

we want to access our other office from the main office but we wont want them to have access to our servers etc.

so bassicly we want to control them but they shouldnt have the rights to control us.

is this possible with a site to site VPN? and how to do it

thanks already

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Site-to-site VPN One way access?

You just need to configure an access list on the inside interface that either permits or denies traffic from the remote subnet.

Sent from Cisco Technical Support iPad App

7 REPLIES

Re: Site-to-site VPN One way access?

You just need to configure an access list on the inside interface that either permits or denies traffic from the remote subnet.

Sent from Cisco Technical Support iPad App

Community Member

Site-to-site VPN One way access?

I have already tried that, but then i wasnt able to connect to them from the main office. i'm gonna try it again ill let you know if it worked. thanks for the reply

Community Member

Re: Site-to-site VPN One way access?

Hi,

Create a ACL in your office to deny traffic from your branch to your office.

Also create a ACL in your branch office to permit traffic from your office to your branch.

Also bind this ACL to the outside interface of the ASA.

hope this helps

Thanks

Thanks and Regards, Vipin

Re: Site-to-site VPN One way access?

You can use VPN-filter which is basically ACL control traffic on VPN tunnel.

https://supportforums.cisco.com/message/3510743#3510743

Community Member

Site-to-site VPN One way access?

Ok i got i working now, i can rdp them but they cant rdp us so thats good thanks alot!

Site-to-site VPN One way access?

Glad to help.

Community Member

Re: Site-to-site VPN One way access?

Thanks

Met vriendelijke groet,

Jan Heskes

Directeur

Bastion ICT

Dichtbij en persoonlijk

Industrieweg 30c

4283 GZ Giessen

T: 0183 – 822 801

F: 0183 – 822 804

M: j.heskes@bastionict.nl

W : www.bastionict.nl<>

De informatie verzonden in dit e-mailbericht is vertrouwelijk en is uitsluitend bestemd voor de geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of verstrekking van deze informatie aan derden is, behoudens voorafgaande schriftelijke toestemming van Bastion ICT niet toegestaan.

Denk aan het milieu voordat u deze e-mail uitprint.

Van: andrew.prince@monster.com

Verzonden: dinsdag 13 december 2011 14:14

Aan: Jan Heskes

Onderwerp: - Re: Site-to-site VPN One way access?

Home<>

Re: Site-to-site VPN One way access?

created by Andrew Prince<> in Firewalling - View the full discussion<>

1775
Views
3
Helpful
7
Replies
CreatePlease to create content