
network access restriction on site to site VPN.

t4tauseef33
Level 1

Hi All,

I have created a site-to-site VPN between Site A and Site B.

10.0.0.0/8 <> 192.168.0.0/16.

I want to restrict one IP address, 10.1.1.10, at Site A from communicating with the Site B IP address 192.168.1.10. How can I do it on the site-to-site VPN? I know I can restrict it at the interface level on Site A, but for some reason I cannot apply it on Site A. I want to apply this restriction on Site B. Is there any solution for that? Your help will be appreciated.

1 Reply

t4tauseef33
Level 1

I got the solution. Thanks

access-list 103 extended deny tcp host 172.16.1.2 host 172.22.1.2 eq 80
!--- Access list 103 is created for the VPN Filter.
!--- This access list 103 filters/denies the request from the remote host (172.16.1.2)
!--- to the local WEB Server (172.22.1.2).
access-list 103 extended permit ip any any
group-policy filter internal
group-policy filter attributes
 vpn-filter value 103
!--- Create the group policy (filter) and specify the access list number
!--- in the vpn filter command.
tunnel-group 10.20.20.1 general-attributes
 default-group-policy filter
!--- Associate the group policy (filter) with the tunnel group.
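
An added example, not part of the original post: a small Python model of how a vpn-filter ACL shaped like the one in the reply is evaluated (first match wins, then the implicit deny), using the addresses from the question in place of the reply's 172.x addresses. It assumes Site B is the ASA applying the filter, so 10.1.1.10 is the remote host and 192.168.1.10 the local one; only `host`/`any` and `eq` are modelled, and both ACLs are constructed.

```python
import ipaddress

# Constructed ACLs in ASA syntax. As in the reply's comments, the REMOTE host
# is in the source position and the LOCAL host in the destination position.
POSTED_STYLE = [  # the reply's pattern with the question's addresses (assumed)
    "access-list 103 extended deny tcp host 10.1.1.10 host 192.168.1.10 eq 80",
    "access-list 103 extended permit ip any any",
]
ALL_IP = [  # constructed variant: deny every protocol between the two hosts
    "access-list 103 extended deny ip host 10.1.1.10 host 192.168.1.10",
    "access-list 103 extended permit ip any any",
]

def parse_addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError("only 'any' and 'host' are modelled")

def parse_ace(line):
    tok = line.split()[3:]  # skip: access-list <id> extended
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = parse_addr(tok)
    dst, tok = parse_addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def vpn_filter(acl, proto, remote, local, local_port=None):
    """Return 'permit' or 'deny' for traffic between a remote and a local host.
    Pass (remote, local) regardless of which side sent the packet, because the
    filter is evaluated with the remote host in the source position."""
    r, l = ipaddress.ip_address(remote), ipaddress.ip_address(local)
    for action, a_proto, src, dst, port in map(parse_ace, acl):
        if a_proto not in ("ip", proto):
            continue  # a tcp ACE never matches icmp or udp
        if r in src and l in dst and port in (None, local_port):
            return action  # first matching ACE decides
    return "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    for name, acl in (("POSTED_STYLE", POSTED_STYLE), ("ALL_IP", ALL_IP)):
        for proto, port in (("tcp", 80), ("tcp", 22), ("icmp", None)):
            print(name, proto, port, vpn_filter(acl, proto, "10.1.1.10", "192.168.1.10", port))
```

With the `tcp ... eq 80` entry only web traffic between the two hosts is dropped; the `deny ip` variant drops every protocol between them while other Site A hosts still match `permit ip any any`.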