
Re: Design Question on ASA ...:


This is a new requirement for a permanent site-to-site IPSec VPN between two different customers (customer A and customer B). I need to come up with the configuration which will create a permanent site-to-site VPN between customer A and B with the following restrictions:

1) Only allow OUTBOUND connections from Customer A to Customer B, not INBOUND connections from Customer B.

2) Only allow traffic from Customer A network to Customer B and prevent the VPN connection in Customer B from accessing any of Customer A's other site servers' IP subnets.

I would need help in writing this config as I am pretty new to this kind of setup, OR any URL that talks about the above.

Appreciate any help provided.

Many thanks.


Re: Design Question on ASA ...:

As for the VPN configuration, the two sites will have mirrored configurations. The ACLs defined for VPN interesting traffic would be reversed, and so would those for the NAT exempt.

Here's a link for VPN configuration:

To restrict traffic from Site B, you can simply use ACLs that you apply to an interface Access group.

Tanveer Dewan
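
The configuration this reply describes, as an added example that is not part of the original thread: it assumes ASA 8.4 or later syntax, an IKEv1 policy already defined on both peers, and constructed values throughout (A-LAN 10.10.10.0/24, B-LAN 172.16.20.0/24, peers 198.51.100.1 and 203.0.113.1, and all object, ACL and crypto map names).

```cisco
! --- Customer A ASA (assumed ASA 8.4+ syntax; all addresses are constructed) ---
! A-LAN is the only Customer A subnet offered to the tunnel. Customer A's
! other subnets are left out of the crypto ACL, so no IPsec SA covers them.
object network A-LAN
 subnet 10.10.10.0 255.255.255.0
object network B-LAN
 subnet 172.16.20.0 255.255.255.0

! Interesting traffic, A -> B. Customer B configures the mirror image.
access-list VPN-A-TO-B extended permit ip object A-LAN object B-LAN

! NAT exemption for the same address pair
nat (inside,outside) source static A-LAN A-LAN destination static B-LAN B-LAN no-proxy-arp route-lookup

! Phase 2 and peer (a phase 1 policy matching the peer is assumed to exist)
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-A-TO-B
crypto map OUTSIDE-MAP 10 set peer 203.0.113.1
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
crypto ikev1 enable outside
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>

! By default, decrypted VPN traffic bypasses interface ACLs. Disable that so
! the outside ACL is applied to traffic arriving from Customer B. This is a
! global setting and affects every VPN terminated on this ASA.
no sysopt connection permit-vpn

! B-LAN is never permitted as a source, so new connections from Customer B
! are dropped and logged. Replies to TCP/UDP connections opened from A-LAN
! match existing connection state and are not checked against this ACL.
! If an ACL is already applied to outside, add the deny entry to that ACL
! instead of applying a new access-group.
access-list OUTSIDE-IN extended deny ip object B-LAN any log
access-group OUTSIDE-IN in interface outside

! --- Customer B ASA, mirrored entries only ---
! access-list VPN-B-TO-A extended permit ip object B-LAN object A-LAN
! nat (inside,outside) source static B-LAN B-LAN destination static A-LAN A-LAN no-proxy-arp route-lookup
! crypto map OUTSIDE-MAP 10 set peer 198.51.100.1
```

After the tunnel is up, `show crypto ipsec sa` on the Customer A side should list only the A-LAN/B-LAN pair as local and remote identities, and `show access-list OUTSIDE-IN` shows hit counts for any connection attempts from Customer B.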
