ios router to asa - one way vpn

mulhollandm
Level 1

folks

i'm setting up a vpn with traffic initiated from clients behind a 2800 router to a web server behind a remote asa

i've a small lab in gns3 with a router to router setup first and then with router to asa which i'm using to test configs

my query is how to configure the setup to only allow traffic initiated from the clients behind the router

i've seen the set connection option for the asa but in the production environment i won't have access to the asa as it's managed by a third party so i can't rely on them securing the connection to my design/configuration

i've checked the crypto map options but can't see the same feature in the router ios

anyone any ideas or had to deal with this design before

thanks to anyone taking the time to reply or to read

1 Reply

Dennis Leon
Cisco Employee

Hello,

Please clarify this for me:

Is the VPN initiated from clients behind the router, or is the VPN initiated from the router itself to the ASA itself, and then hosts behind the router transmit traffic to the server behind the ASA?

If that is how your VPN is configured then you can do an EzVPN setup or a dynamic to static VPN L2L using the ASA as the server; that way only the router's side could initiate the VPN tunnel.

Please check these links for config samples:

Dynamic to Static L2L from router to ASA

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b3d511.shtml

EzVPN from router as the client to ASA as the EzVPN Server.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml

HIH....Dennis
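
A sketch of the dynamic-to-static L2L layout described in the reply above, added here as an illustration; it is not taken from the thread or from the linked Cisco documents. The addresses, interface names, map names, ACL number and `PLACEHOLDER_PSK` are constructed, the ASA side assumes 8.4-or-later IKEv1 syntax, and the proposal values are illustrative and must match on both ends.

```cisco
! ===== IOS router (initiator): static crypto map pointing at the ASA =====
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
! 203.0.113.1 = constructed ASA outside address
crypto isakmp key PLACEHOLDER_PSK address 203.0.113.1
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
! Interesting traffic: client LAN -> server LAN (both subnets constructed)
access-list 110 permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TSET
 match address 110
! Hypothetical WAN-facing interface
interface FastEthernet0/0
 crypto map VPN
!
! ===== ASA (responder only): dynamic crypto map, no peer defined =====
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
crypto ikev1 enable outside
crypto ipsec ikev1 transform-set TSET esp-aes esp-sha-hmac
! No "set peer" and no static entry for the router, so the ASA has
! nothing to initiate toward; it can only answer the router's proposal.
crypto dynamic-map DYN 10 set ikev1 transform-set TSET
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN
crypto map OUTSIDE_MAP interface outside
! Peers with no matching tunnel-group land in DefaultL2LGroup
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key PLACEHOLDER_PSK
```

This restricts which side can bring the tunnel up. Once the security associations exist they carry matching traffic in both directions, so limiting which hosts may open sessions is a separate filtering decision.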
