Cisco Support Community

deny remote lan in l2l

Hi,

I want to deny the remote LAN access to my LAN, and I want to access the remote LAN. Is there any way to deny this?

I have an L2L tunnel between a PIX and an ASA.

1 REPLY

Re: deny remote lan in l2l

Hi,

On a normal IPsec L2L tunnel all IP traffic is permitted to flow through the tunnel.

If you remove the command "sysopt connection permit-ipsec" then all traffic is checked by the outside ACL (you can filter the traffic that you need).

A better way is to use vpn-filter ACLs to allow only the desired traffic through the tunnel.

Federico.
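
The vpn-filter approach from the reply above, as an added example that is not part of the original post: it assumes ASA/PIX 7.x-or-later syntax, and the subnets, peer address, ACL name and group-policy name are constructed placeholders. It lets the local LAN open SSH and HTTPS sessions to the remote LAN while dropping everything else that arrives from the remote side.

```cisco
! Constructed values (assumptions, not from the thread):
!   local LAN   10.1.1.0/24   (behind this firewall)
!   remote LAN  10.2.2.0/24   (behind the peer)
!   peer        203.0.113.2
!
! A vpn-filter ACL is always written with the REMOTE network in the
! source position and the LOCAL network in the destination position,
! whichever side starts the connection. "eq 22" after the remote
! network therefore means "remote port 22", i.e. a local client
! talking to a remote SSH server.
access-list L2L-FILTER extended permit tcp 10.2.2.0 255.255.255.0 eq 22 10.1.1.0 255.255.255.0
access-list L2L-FILTER extended permit tcp 10.2.2.0 255.255.255.0 eq 443 10.1.1.0 255.255.255.0
! Let replies to pings sent from the local LAN come back.
access-list L2L-FILTER extended permit icmp 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0 echo-reply
! Explicit deny with logging so blocked remote traffic shows up in syslog
! (the implicit deny at the end of the ACL would drop it silently).
access-list L2L-FILTER extended deny ip any any log
!
! Caveat: the filter matches on addresses and ports, not on who initiated.
! The first line also matches a remote host that opens a connection to the
! local LAN FROM source port 22, so keep the permitted ports to the minimum
! and do not use "permit ip" if one-way access is the goal.
!
! Attach the ACL to a group policy and bind that policy to the L2L tunnel.
group-policy L2L-FILTER-POLICY internal
group-policy L2L-FILTER-POLICY attributes
 vpn-filter value L2L-FILTER
!
tunnel-group 203.0.113.2 general-attributes
 default-group-policy L2L-FILTER-POLICY
```

The filter is applied when the tunnel is negotiated, so an existing tunnel has to be re-established before the new ACL takes effect. Do not reuse the same ACL in an interface access-group.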
