Cisco Support Community
Community Member

Allow/Deny Ports over site2site vpn

Hi All,

I'm in the planning stages of setting up a site2site between my ASA 5520 and the business partner's Check Point NGX60.

His config sheet specifies allowed ports (ICMP/HTTP) to traverse the VPN, in addition to the IPs/interesting traffic. Can I do the same with the ASA?

Thanks!

1 REPLY
Cisco Employee

Re: Allow/Deny Ports over site2site vpn

Hello,

Yes - you can do that using the command called vpn-filter under the group-policy.

What you need to do is:

a. Create a specific group-policy

b. Create a specific vpn-filter & the access-list

c. Apply the filter to the group-policy

d. Apply the group-policy to the tunnel-group.

Hope this helps.

Thanks

Gilbert
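
Steps a to d from the reply above, written out as an ASA configuration. This is an added example, not part of the original post; the ACL and group-policy names, the peer address 203.0.113.10 and both subnets are constructed placeholders.

```cisco
! Added example; every name, address and subnet here is a constructed placeholder.
!   remote (partner) network : 10.20.0.0/24
!   local network            : 192.168.10.0/24
!   partner VPN peer         : 203.0.113.10
!
! Step b: the access-list used as the vpn-filter.
! In a vpn-filter ACL the REMOTE network is always written in the source
! position and the LOCAL network in the destination position, whichever
! side opens the connection.
!
! Partner hosts may reach local web servers on HTTP:
access-list PARTNER-VPN-FILTER extended permit tcp 10.20.0.0 255.255.255.0 192.168.10.0 255.255.255.0 eq www
! Local hosts may reach partner web servers on HTTP (port sits on the remote side):
access-list PARTNER-VPN-FILTER extended permit tcp 10.20.0.0 255.255.255.0 eq www 192.168.10.0 255.255.255.0
! ICMP between the two networks:
access-list PARTNER-VPN-FILTER extended permit icmp 10.20.0.0 255.255.255.0 192.168.10.0 255.255.255.0
! Anything else would hit the implicit deny; the explicit line adds logging of drops:
access-list PARTNER-VPN-FILTER extended deny ip any any log
!
! Steps a and c: create the group-policy and attach the filter to it.
group-policy PARTNER-L2L-GP internal
group-policy PARTNER-L2L-GP attributes
 vpn-filter value PARTNER-VPN-FILTER
!
! Step d: bind the group-policy to the tunnel-group for the partner peer.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy PARTNER-L2L-GP
```

The filter is picked up when the tunnel is established, so a change to the ACL applies only after the tunnel has been torn down and re-established. Keep the crypto map (interesting traffic) ACL defined by IP network so it matches the partner's side, and do the port restriction in the vpn-filter ACL.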
