Cisco Support Community
New Member

Re: Design Question on ASA ...:

Hi,

This is a new requirement for a permanent site-to-site IPSec VPN between two different customers (customer A and customer B). I need to come up with the configuration which will create a permanent site-to-site VPN between customer A and B with the following restrictions:

1) Only allow OUTBOUND connections from Customer A to Customer B, not INBOUND connections from Customer B.

2) Only allow traffic from Customer A network to Customer B and prevent the VPN connection in Customer B from accessing any of Customer A's other site servers ip subnet 192.168.10.0/23

I would need help in writing this config as I am pretty new to this kind of setup, or any URL that talks about the above.

Appreciate any help provided.

Many thanks.

1 REPLY
New Member

Re: Design Question on ASA ...:

As for the VPN configuration, the two sites will have mirrored configurations. The ACLs defined for VPN interesting traffic would be reversed, as would those for the NAT exempt.

Here's a link for VPN configuration:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ike.html

To restrict traffic from Site B, you can simply use ACLs that you apply to an interface Access group.

Tanveer Dewan

tdeewan@cisco.com
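
The mirrored crypto ACLs described in the reply, and the 192.168.10.0/23 restriction from the question, can be checked offline before the tunnel is configured. The script below is an added example, not part of the original thread or of Cisco's documentation; the ACL names, the 10.x addresses and the function names are constructed assumptions, and it only parses the `extended permit ip <net> <mask> <net> <mask>` form.

```python
import ipaddress

# Constructed sample crypto ACLs (placeholder names and addresses, not from the thread).
SITE_A_ACL = "access-list VPN-TO-B extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0\n"
SITE_B_ACL = (
    "access-list VPN-TO-A extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0\n"
    "access-list VPN-TO-A extended permit ip 10.2.2.0 255.255.255.0 192.168.10.0 255.255.254.0\n"
)
# Subnet from the question that Customer B must not reach through the tunnel.
OFF_LIMITS = ipaddress.ip_network("192.168.10.0/23")


def parse_acl(text):
    """Return the set of (source, destination) networks found in
    'access-list NAME extended permit ip SRC MASK DST MASK' lines."""
    pairs = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or f[0] != "access-list" or f[2:5] != ["extended", "permit", "ip"]:
            continue  # host/any/object-group forms are out of scope for this sketch
        src = ipaddress.ip_network(f"{f[5]}/{f[6]}")
        dst = ipaddress.ip_network(f"{f[7]}/{f[8]}")
        pairs.add((src, dst))
    return pairs


def audit(site_a_text, site_b_text, off_limits=OFF_LIMITS):
    """Compare both crypto ACLs and return a list of findings (empty means OK)."""
    a, b = parse_acl(site_a_text), parse_acl(site_b_text)
    mirrored_a = {(dst, src) for src, dst in a}  # what site B is expected to hold
    findings = []
    for src, dst in sorted(b - mirrored_a):
        findings.append(f"site B entry {src} -> {dst} has no mirror on site A")
    for src, dst in sorted(mirrored_a - b):
        findings.append(f"site A entry {dst} -> {src} has no mirror on site B")
    for src, dst in sorted(a):
        if src.overlaps(off_limits):
            findings.append(f"site A exposes off-limits {src} to {dst}")
    for src, dst in sorted(b):
        if dst.overlaps(off_limits):
            findings.append(f"site B selects off-limits {dst} from {src}")
    return findings


if __name__ == "__main__":
    for finding in audit(SITE_A_ACL, SITE_B_ACL):
        print(finding)
```

An empty result means the two interesting-traffic ACLs are exact mirrors and neither one references the off-limits subnet.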
