Cisco Support Community
Community Member

Limiting access to certain servers with a site to site vpn between two ASA devices

We recently lost our Cisco admin and I have to set up a site-to-site VPN connection with another company, and was looking at the site-to-site VPN wizard. This looks fairly self-explanatory, but I had a question: can I limit the access to a certain server, and can I do it through the wizard? Can I choose a server as the local network on step 5 (Hosts and Networks)? Will this accomplish what I am trying to do?

Cisco Employee

You are free to limit the traffic selectors to whatever subnet/host/IP protocol/port you wish (both source and destination).

However, bear that in mind:

- Keep the ACLs as specific as possible

- Aggregate the ACLs whenever possible.

There is a balancing act there to be done. More access list entries will mean (potentially) more IPsec SAs with all the good and bad things which come from it.

Another way of achieving what you're looking for is using vpn-filter functionality.

It allows you to associate an access list which will filter inbound traffic only.
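As an added illustration (editor's example, not part of the reply above or of any Cisco documentation), the following ASA configuration shows both approaches the answer describes: a crypto ACL whose traffic selector is narrowed to a single local server, and a vpn-filter ACL that further restricts what the remote side may reach once the tunnel is up. It assumes ASA 8.4+ syntax, a local server 10.1.1.10, a partner LAN 192.168.50.0/24 and a peer address 203.0.113.2; all of these addresses, object and ACL names are placeholders chosen for the example.

```text
! --- 1. Traffic selector (crypto ACL): only the one local server is "interesting" traffic.
!     One entry here = one IPsec SA pair, which is the balancing act mentioned above.
access-list VPN-TO-PARTNER extended permit ip host 10.1.1.10 192.168.50.0 255.255.255.0

! --- 2. Phase 1 / Phase 2 parameters (example values).
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

crypto map OUTSIDE-MAP 10 match address VPN-TO-PARTNER
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
crypto ikev1 enable outside

tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key REPLACE-WITH-STRONG-PSK

! --- 3. Identity NAT so VPN traffic is not translated before encryption.
object network LOCAL-SERVER
 host 10.1.1.10
object network PARTNER-LAN
 subnet 192.168.50.0 255.255.255.0
nat (inside,outside) source static LOCAL-SERVER LOCAL-SERVER destination static PARTNER-LAN PARTNER-LAN no-proxy-arp route-lookup

! --- 4. vpn-filter: restrict decrypted traffic to TCP/443 on the server.
!     Note the ACL is written from the remote peer's point of view
!     (source = partner LAN, destination = local server).
access-list PARTNER-VPN-FILTER extended permit tcp 192.168.50.0 255.255.255.0 host 10.1.1.10 eq 443
group-policy PARTNER-GP internal
group-policy PARTNER-GP attributes
 vpn-filter value PARTNER-VPN-FILTER
tunnel-group 203.0.113.2 general-attributes
 default-group-policy PARTNER-GP
```

Two points worth checking after applying something like this: first, `show crypto ipsec sa` should list exactly one SA pair for the host-to-subnet selector, confirming the wizard's "Hosts and Networks" step did narrow the tunnel rather than just the interface ACL. Second, because an ASA by default lets decrypted VPN traffic bypass the outside interface ACL (`sysopt connection permit-vpn`), the vpn-filter is the control that actually decides which ports on the server the partner can reach, so review it with the same care as an interface ACL.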
