Cisco Support Community
New Member

One Way VPN Connection

Is there any way to make a one-way VPN connection, as I do not want the people on the other side to access this side's network?

4 REPLIES

Re: One Way VPN Connection

Hi,

There is no such thing as a one-way VPN; think about the return traffic (you need it for TCP to work, ICMP, etc.). Build the VPN normally and carefully construct an access ACL.

Please rate if this helped.

Regards,

Daniel

New Member

Re: One Way VPN Connection

What access lists should I apply to stop the 2nd end from accessing my network?

Re: One Way VPN Connection

Hi,

A separate ACL from the crypto one, but a better way is to use NAT.

The easiest way if you have a PIX on the network that will be permitted, is to NAT traffic (no NAT 0, no STATIC). This way the other end (LAN) will not be able to initiate connections to pass the firewall, as only the return traffic will be allowed.

A router will do the trick also.

A much more difficult way:

If you manage the device on the end you want to restrict traffic, you will put an ACL that will permit only the response traffic.

If PIX: deny any any on the inside interface, but with STATIC NAT added, will allow only replies to the VPN tunnel to be sent from that LAN, not the initiating connections.

If Router: CBAC and deny any on the LAN interface, or deny and permit established if the IOS does not support CBAC.

Please rate if this helped.

Regards,

Daniel
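
Added example, not part of the original thread or any poster's configuration: a small Python model of the "deny and permit established" fallback mentioned in the last reply, evaluating an IOS-style extended ACL first-match over constructed packets. The addressing (10.2.0.0/24 as the restricted LAN, 10.1.0.0/24 as the protected network) and the trailing `permit ip any any` are assumptions.

```python
import ipaddress

# Constructed ACL (assumption), applied inbound on the restricted site's LAN interface.
ACL = """
permit tcp 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255 established
deny ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
permit ip any any
"""

def _net(tokens):
    """Consume 'any' or 'addr wildcard' from tokens and return a matcher."""
    if tokens[0] == "any":
        del tokens[0]
        return lambda ip: True
    addr = int(ipaddress.ip_address(tokens[0]))
    wild = int(ipaddress.ip_address(tokens[1]))
    del tokens[:2]
    # Wildcard bits set to 1 are "don't care" bits.
    return lambda ip: (int(ipaddress.ip_address(ip)) | wild) == (addr | wild)

def parse(acl_text):
    rules = []
    for line in acl_text.strip().splitlines():
        t = line.split()
        action, proto, rest = t[0], t[1], t[2:]
        src, dst = _net(rest), _net(rest)
        rules.append((action, proto, src, dst, "established" in rest))
    return rules

def evaluate(rules, proto, src, dst, flags=frozenset()):
    """First match wins; a packet matching no line hits the implicit deny."""
    for action, r_proto, r_src, r_dst, est in rules:
        if r_proto not in ("ip", proto) or not (r_src(src) and r_dst(dst)):
            continue
        # 'established' only checks for ACK or RST in the TCP header; it keeps no state.
        if est and not (flags & {"ACK", "RST"}):
            continue
        return action
    return "deny"

RULES = parse(ACL)
```

Because `established` matches only on TCP flags, UDP and ICMP replies from the restricted LAN are dropped and no connection state is checked, which is why the reply lists CBAC first.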
