
Re: Design Question on ASA ...:

sanjaynadarajah
Level 1

Hi,

This is a new requirement for a permanent site-to-site IPSec VPN between two different customers (customer A and customer B). I need to come up with the configuration which will create a permanent site-to-site VPN between customer A and B with the following restrictions:

1) Only allow OUTBOUND connections from Customer A to Customer B, not INBOUND connections from Customer B.

2) Only allow traffic from Customer A network to Customer B and prevent the VPN connection in Customer B from accessing any of Customer A's other site servers IP subnet 192.168.10.0/23.

I would need help in writing this config as I am pretty new to this kind of setup, OR any URL that talks about the above.

Appreciate any help provided.

Many thanks.

1 Reply

Tanveer Deewan
Cisco Employee

As for the VPN configuration, the two sites will have mirrored configuration. The ACLs defined for VPN interesting traffic would be reversed, and so would that for the NAT exempt.

Here's a link for VPN configuration:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ike.html

To restrict traffic from Site B, you can simply use ACLs that you apply to an interface Access group.

Tanveer Deewan

tdeewan@cisco.com
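
The approach in the reply above, sketched for the Customer A firewall in ASA 8.0 syntax; this is an added example and not configuration posted by either participant. The subnets 10.1.1.0/24 (Customer A) and 10.2.2.0/24 (Customer B), the peer address 203.0.113.2, the interface names and all ACL, crypto map and transform-set names are assumptions. Only 192.168.10.0/23 comes from the thread.

```cisco
! Interesting traffic: only Customer A's VPN subnet, never 192.168.10.0/23,
! so the other site's servers are not reachable through the tunnel at all.
access-list A-TO-B-CRYPTO extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! NAT exemption for the same flow
access-list A-NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list A-NONAT
!
! Customer B mirrors both ACLs with source and destination reversed:
!   permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
!
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address A-TO-B-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <shared-secret-placeholder>
!
! By default "sysopt connection permit-vpn" lets decrypted tunnel traffic
! bypass interface ACLs. Turn it off so the outside access-group applies.
! This is global: every other VPN on the box then needs explicit permits.
no sysopt connection permit-vpn
!
! Deny and log anything Customer B initiates, which covers both 10.1.1.0/24
! and 192.168.10.0/23. Replies to sessions opened from Customer A still
! pass because the ASA tracks connection state.
! If an outside ACL already exists, add this entry to it instead.
access-list OUTSIDE-IN extended deny ip 10.2.2.0 255.255.255.0 any log
access-group OUTSIDE-IN in interface outside
```

After the tunnel is up, `show crypto ipsec sa` should list only the 10.1.1.0/24 to 10.2.2.0/24 selector pair, and hits on the deny entry in `show access-list OUTSIDE-IN` indicate connection attempts initiated from Customer B.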