
Quick question about 'local network' for ASA 5500 LAN to LAN

cweatherford
Level 1

I have to set up access for a support vendor that needs access to just a few IP addresses in my datacenter but all of my branch locations. In the LAN to LAN setup, can I enter more than one IP and subnets?

Thanks!

Chad

Accepted Solutions

rizwanr74
Level 7

Hi Chad,

"In the LAN to LAN setup can I enter more than one IP and subnets?"

Sure you can. If you are planning to set up a LAN-to-LAN IPSec tunnel, it is your no-nat and crypto ACL that can be used to control what is allowed and what is not over the tunnel itself.

However, if you are planning to use a remote-access tunnel instead, it is your "vpn-filter value" that you associate with an ACL; in the example below the group name is set as "filter".

group-policy filter internal
group-policy filter attributes
 vpn-filter value 103

Reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

Thanks

Rizwan Rafeek

Thanks Rizwan!
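
The LAN-to-LAN case from the accepted answer, written out as an added example (not part of the original posts): one object-group holds the few datacenter hosts plus the branch subnets, and both the crypto ACL and the no-nat ACL reference it. All names and addresses are constructed placeholders; pre-8.3 NAT syntax, an inside interface named "inside", and an existing crypto map, transform set and tunnel-group for the peer are assumed.

```cisco
! Constructed example: every name and address below is a placeholder.
! Local side: only the datacenter hosts the vendor supports, plus branches.
object-group network VENDOR-LOCAL
 description Hosts and subnets the vendor may reach
 network-object host 10.10.1.20
 network-object host 10.10.1.21
 network-object 10.20.0.0 255.255.255.0
 network-object 10.21.0.0 255.255.255.0
!
! Remote side: the vendor's support network.
object-group network VENDOR-REMOTE
 network-object 198.51.100.0 255.255.255.0
!
! Crypto ACL: defines which traffic is encrypted into the tunnel.
! Anything not matched here never enters the tunnel.
access-list VENDOR-CRYPTO extended permit ip object-group VENDOR-LOCAL object-group VENDOR-REMOTE
!
! No-nat ACL: exempts the same traffic from NAT so the selectors match.
! (Pre-8.3 syntax; 8.3 and later express NAT exemption differently.)
access-list NONAT extended permit ip object-group VENDOR-LOCAL object-group VENDOR-REMOTE
nat (inside) 0 access-list NONAT
!
! Bind the crypto ACL to the vendor's crypto map entry.
crypto map OUTSIDE-MAP 10 match address VENDOR-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
!
! Check after the tunnel is up: each SA should list only the
! local/remote pairs defined above.
!   show crypto ipsec sa peer 203.0.113.10
```

The vendor's end needs a mirror-image crypto ACL (their network as source, these hosts and subnets as destination), otherwise the IPSec selectors will not match and the SAs will not come up.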