Cisco Support Community

New Member

Unidirectional IPsec L2L on ASA 5520

We have a partner company that we will be doing some network monitoring for. For connectivity, we have configured an L2L IPsec VPN between our ASA 5520 and their ASA 5510, which works fine. I want to restrict the tunnel such that only return traffic from the partner network comes back to us. Is there any way to accomplish this?

3 REPLIES
New Member

Re: Unidirectional IPsec L2L on ASA 5520

I'll expand on this since no one's responded yet. The IPsec tunnel is up and working fine. What is being asked of me is to configure it to behave like a NAT firewall - that is, we will be able to hit them, but only our return traffic will be allowed back in. I've played with the filters a bit, which sort of works, but still does not do what we want.

New Member

Re: Unidirectional IPsec L2L on ASA 5520

What about turning off sysopt ipsec and setting up ACLs on the access-list you have applied to your outside interface?

New Member

Re: Unidirectional IPsec L2L on ASA 5520

I have not tried that. Does that make it so IPsec tunnels do not bypass the access list?
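
Added example, not part of the original thread: a sketch of the approach suggested in the second reply, written for ASA 7.1 or later. The ACL name and both subnets are placeholders, since the thread does not give the real ones.

```cisco
! Added example. Names and addresses are placeholders, not from the thread:
!   OUTSIDE_IN       = the ACL already applied inbound on the outside interface
!   192.0.2.0/24     = our monitoring network (local side of the tunnel)
!   198.51.100.0/24  = partner network (remote side of the tunnel)

! Default is "sysopt connection permit-vpn": decrypted tunnel traffic skips
! interface ACLs. Negating it makes that traffic hit OUTSIDE_IN like any
! other inbound packet. (Older releases name the keyword "permit-ipsec".)
no sysopt connection permit-vpn

! Partner-initiated connections: explicit deny so attempts are logged and
! counted. Keep it above any broader permit. Replies to connections we open
! match the ASA connection table, so they need no permit here.
access-list OUTSIDE_IN line 1 extended deny ip 198.51.100.0 255.255.255.0 192.0.2.0 255.255.255.0 log

! Already present in a working config; shown for completeness.
access-group OUTSIDE_IN in interface outside

! Verify the setting and watch the deny hit count
show running-config all sysopt
show access-list OUTSIDE_IN
```

The sysopt change is global: every tunnel terminating on this ASA, remote-access VPN included, becomes subject to the interface ACLs, so any permits those tunnels need must be in place first. ICMP replies are only treated as return traffic when ICMP inspection is enabled, which matters if the monitoring relies on ping.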
