Cisco Support Community
Community Member

RV042 VPN site to site access rule help needed

Hello All-

I'm new to the forum so please forgive me if I broke any etiquette.  I have two remote sites.  They each have a RV042 VPN router.  The subnet for one site is 190.200.10.X and the other site is 190.200.85.x.  I only want IP address range to be able to access IP address  I've tried creating access rules but they do not work.  I have servers in each building and I only want the servers to talk to each other through the VPN tunnel and nothing else.  Do the access rules apply only to traffic from the WAN and therefore not apply to a "trusted VPN connection"?  If so, is there any way to accomplish what I want to do?

Thank you!


Community Member

Re: RV042 VPN site to site access rule help needed


It sounds as though you need ACLs that will filter LAN to LAN traffic. The main thing you want to keep in mind when writing these is to make sure you deny traffic coming from a specific source (being the other LAN) to the destination. The WAN IP addressing is not involved when doing VPN connections and ACLs.


Cisco Employee

Re: RV042 VPN site to site access rule help needed

Sorry for butting in....

Have you tried to create the VPN tunnel using the "local" and "remote" security groups as RANGE rather than SUBNET? Really, that should do exactly what you are describing.

When that is configured, the IPSec tunnel does two things:

1. Only allows traffic from IPs defined in the tunnel (both WAN and LAN source and destination) -- this is the ACL

2. Creates a route statement for all allowed devices through the tunnel.

Try this first and let us know, if you already did this please post a log.
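Added example, not from anyone in this thread: a small Python model of how the tunnel's phase-2 selectors act as the ACL described in point 1. It compares SUBNET selectors covering the two site subnets from the question against RANGE selectors narrowed to a single server on each side; the server addresses (.50) and the sample flows are constructed placeholders, not values from the thread.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Selector:
    """One side of a phase-2 traffic selector, stored as an inclusive address range."""
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address

    @classmethod
    def subnet(cls, cidr: str) -> "Selector":
        net = ipaddress.ip_network(cidr, strict=False)
        return cls(net[0], net[-1])

    @classmethod
    def ip_range(cls, start: str, end: str) -> "Selector":
        return cls(ipaddress.ip_address(start), ipaddress.ip_address(end))

    def __contains__(self, addr: str) -> bool:
        return self.first <= ipaddress.ip_address(addr) <= self.last


def tunnel_permits(local: Selector, remote: Selector, src: str, dst: str) -> bool:
    """True if the packet matches both selectors; anything else never enters the tunnel."""
    return src in local and dst in remote


# Site subnets from the question; the .50 server addresses are constructed placeholders.
SUBNET_POLICY = (Selector.subnet("190.200.10.0/24"), Selector.subnet("190.200.85.0/24"))
RANGE_POLICY = (Selector.ip_range("190.200.10.50", "190.200.10.50"),
                Selector.ip_range("190.200.85.50", "190.200.85.50"))

# Constructed sample flows: (source, destination).
FLOWS = [
    ("190.200.10.50", "190.200.85.50"),  # server to server
    ("190.200.10.20", "190.200.85.50"),  # workstation to remote server
    ("190.200.10.50", "190.200.85.99"),  # server to remote workstation
]


def evaluate(policy, flows=FLOWS):
    """Map each flow to whether the policy's selectors let it use the tunnel."""
    local, remote = policy
    return {flow: tunnel_permits(local, remote, *flow) for flow in flows}


if __name__ == "__main__":
    for name, policy in (("SUBNET", SUBNET_POLICY), ("RANGE", RANGE_POLICY)):
        for flow, ok in evaluate(policy).items():
            print(f"{name:6} {flow[0]} -> {flow[1]}: {'tunnel' if ok else 'not tunnelled'}")
```

Under the SUBNET policy all three flows ride the tunnel; under the RANGE policy only the server-to-server flow does, which is the behaviour the reply describes.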
