Cisco Support Community
New Member

best way to connect two physically separate networks for Credit Card transactions

I have two separate networks in a data center, each with its own internet connection. Network A has many users behind the firewall as well as many servers. There is a server that currently processes CC transactions. Network A is set up with an ASA 5520.

 

Network B will have a server that provides a web interface for outside users to go to so they can put their CC information in and this webserver will need to communicate with the CC transaction server on Network A. Network B is set up with an ASA 5510.

 

Would a site to site VPN between the two servers be a secure way to accomplish this?

 

 

4 REPLIES

I think you meant site-to-site VPN between the two ASAs. That would be a good design.
Hall of Fame Super Silver

Yes, site to site VPN between the two ASAs with the access-list restricted to only the minimum required addresses and protocols required to accomplish the CC transaction information exchange.

Whether or not that access-list is equivalent to the two servers depends on the application used and how your authorized users need to interact with them.

New Member

Thanks Marvin, but will an ACL that restricts the access to just the two IPs within the VPN tunnel be secure enough to transmit CC information across the VPN tunnel, or is there something else that can be done to further harden it?

New Member

Hi,

Yes, that would be good. Make sure you restrict with an ACL and allow only what is authorized.

All the best

Siraj
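
The replies above recommend restricting the tunnel's access-list to the minimum addresses and protocols needed for the CC exchange. The following Python script is an added example, not part of the thread or any poster's configuration: it audits an ASA extended ACL and reports every permit entry wider than host-to-host on a single port. The ACL name `CC_VPN`, the addresses, port 443 and the function names are assumptions made for illustration.

```python
# Added example: flag over-broad permit entries in the ACL used for a site-to-site tunnel.
# Assumes simple entries: protocol, source, destination, optional "eq <port>" (no source-port operator).

# Constructed sample config; ACL names and addresses are placeholders, not from the thread.
SAMPLE = """\
access-list CC_VPN extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list CC_VPN extended permit tcp host 10.2.0.10 host 10.1.0.20 eq 443
access-list CC_VPN extended permit tcp host 10.2.0.10 any eq 443
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
"""

def take_addr(tokens):
    """Consume one address spec from tokens; return (text, is_single_host)."""
    first = tokens.pop(0)
    if first in ("any", "any4", "any6"):
        return first, False
    if first == "host":
        return "host " + tokens.pop(0), True
    if first in ("object", "object-group"):
        return first + " " + tokens.pop(0), False  # cannot be judged from this line alone
    mask = tokens.pop(0)
    return f"{first} {mask}", mask == "255.255.255.255"

def audit_acl(config, acl_name):
    """Return [(line, [reasons])] for permit entries wider than host-to-host on one port."""
    findings = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:3] != ["access-list", acl_name, "extended"] or tokens[3:4] != ["permit"]:
            continue
        rest = tokens[4:]
        proto = rest.pop(0)
        src, src_host = take_addr(rest)
        dst, dst_host = take_addr(rest)
        reasons = []
        if proto not in ("tcp", "udp"):
            reasons.append(f"protocol '{proto}' is not limited to tcp/udp")
        if not src_host:
            reasons.append(f"source '{src}' is not a single host")
        if not dst_host:
            reasons.append(f"destination '{dst}' is not a single host")
        if proto in ("tcp", "udp") and rest[:1] != ["eq"]:
            reasons.append("no single destination port (eq)")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for entry, why in audit_acl(SAMPLE, "CC_VPN"):
        print(entry, *("   - " + r for r in why), sep="\n")
```

Entries that use `object` or `object-group` are reported because their scope cannot be determined from the ACL line alone; review the referenced object definitions separately.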
