Cisco Support Community

New Member

IOS router to ASA - one-way VPN


I'm setting up a VPN with traffic initiated from clients behind a 2800 router to a web server behind a remote ASA.

I've a small lab in GNS3 with a router-to-router setup first and then with router to ASA, which I'm using to test configs.

My query is how to configure the setup to only allow traffic initiated from the clients behind the router.

I've seen the set connection option for the ASA, but in the production environment I won't have access to the ASA as it's managed by a third party, so I can't rely on them securing the connection to my design/configuration.

I've checked the crypto map options but can't see the same feature in the router IOS.

Anyone any ideas, or had to deal with this design before?

Thanks to anyone taking the time to reply or to read.

New Member


Please clarify this for me:

Is the VPN initiated from clients behind the router, or is the VPN initiated from the router itself to the ASA itself, and then hosts behind the router transmit traffic to the server behind the ASA?

If that is how your VPN is configured, then you can do an EzVPN setup or a dynamic-to-static L2L VPN using the ASA as the server; that way only the router's side could initiate the VPN tunnel.

Please check these links for config samples:

Dynamic to Static L2L from router to ASA

EzVPN from router as the client to ASA as the EzVPN Server.

