08-27-2012 12:27 PM
I have to setup access for a support vendor that needs access to just a few IP addresses in my datacenter but all of my branch locations. In the LAN to LAN setup can I enter more than one IP and subnets?
Thanks!
Chad
Solved! Go to Solution.
08-27-2012 01:44 PM
HI Chad,
"In the LAN to LAN setup can I enter more than one IP and subnets?"
Sure you can, if you are planing to setup land to land IPSec tunne, it is your no-nat and crypto acl can be used to control what are allowed and what not over the tunnel itself.
However if you planing to use a remote-access tunnel instead, it is your "vpn-filter value" and associate it with an ACL and in the example below group name is set as "filter"
group-policy filter internal group-policy filter attributes vpn-filter value 103
Reference:
Thanks
Rizwan Rafeek
08-27-2012 01:44 PM
HI Chad,
"In the LAN to LAN setup can I enter more than one IP and subnets?"
Sure you can, if you are planing to setup land to land IPSec tunne, it is your no-nat and crypto acl can be used to control what are allowed and what not over the tunnel itself.
However if you planing to use a remote-access tunnel instead, it is your "vpn-filter value" and associate it with an ACL and in the example below group name is set as "filter"
group-policy filter internal group-policy filter attributes vpn-filter value 103
Reference:
Thanks
Rizwan Rafeek
08-27-2012 01:48 PM
Thanks Rizwan!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: