I have a question about "VPN filter" on site to site VPN.
Local network: 10.1.1.0/24 and remote network: 192.168.1.0/24
My goal is to allow telnet connections from the remote network to the local network. That being said, I also want to make sure only "return" telnet traffic is allowed from the local network. The local network should not be able to initiate any connection.
So, what exact ACE will be required in my ACL in order to accomplish the above task? I would really appreciate any help :-)
Thanks for the reply Mike! I just got a chance to test it in the lab and it didn't work with the ACE that you mentioned. I have to add the ACE for the reply traffic as well in order to make it work. So the final ACL is as below:
I believe the source of the problem is that your return traffic (using an arbitrary port as the destination port) is not matching your tcp port 23 acl, so the return traffic does not get routed through the VPN. That is exactly why you use IP for the interesting traffic acl and filter on the ingress interface of the firewalls/routers.
i.e.: source >> ACL (tcp port 23) on the ingress interface >> ASA/Cisco router >> interesting traffic ACL on IP >> Cisco ASA/router
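The two replies above turn on how a port-specific ACE behaves against the three flows involved: the remote host's telnet SYN, the local host's reply (destination port is the client's ephemeral port, not 23), and a connection the local host tries to initiate. The following Python model is an added example, not code from the thread or from Cisco; it evaluates a stateless ACL (first match wins, implicit deny) against constructed packets. It assumes the reply ACE that the original poster added takes the form "permit tcp 10.1.1.0/24 eq 23 192.168.1.0/24" (source port 23, any destination port), which the thread does not spell out, and it does not claim to reproduce the ASA's own evaluation order.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Networks from the original question.
LOCAL_NET = ipaddress.ip_network("10.1.1.0/24")
REMOTE_NET = ipaddress.ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class ACE:
    """One access-control entry. A port of None means 'any'."""
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "ip"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src_ip) not in self.src:
            return False
        if ipaddress.ip_address(pkt.dst_ip) not in self.dst:
            return False
        if self.src_port is not None and self.src_port != pkt.src_port:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


def evaluate(acl: List[ACE], pkt: Packet) -> str:
    """First matching ACE decides; an ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


# ACL as first suggested: only the forward direction, destination port 23.
FORWARD_ONLY: List[ACE] = [
    ACE("permit", "tcp", REMOTE_NET, LOCAL_NET, dst_port=23),
]

# ACL with the assumed reply ACE added (source port 23 from the local side).
WITH_REPLY: List[ACE] = FORWARD_ONLY + [
    ACE("permit", "tcp", LOCAL_NET, REMOTE_NET, src_port=23),
]

# Constructed sample flows (addresses and ports are made up for the example).
SCENARIOS: Dict[str, Packet] = {
    # remote client opens telnet to a local host
    "telnet_syn": Packet("tcp", "192.168.1.10", 51000, "10.1.1.5", 23),
    # local host answers: destination is the client's ephemeral port
    "telnet_reply": Packet("tcp", "10.1.1.5", 23, "192.168.1.10", 51000),
    # local host tries to initiate telnet to the remote side
    "local_initiated": Packet("tcp", "10.1.1.5", 40000, "192.168.1.10", 23),
    # local host sources from port 23 toward some other remote service
    "local_from_port_23": Packet("tcp", "10.1.1.5", 23, "192.168.1.10", 22),
}


def run_scenarios(acl: List[ACE]) -> Dict[str, str]:
    """Map each scenario name to the ACL's verdict for that packet."""
    return {name: evaluate(acl, pkt) for name, pkt in SCENARIOS.items()}


if __name__ == "__main__":
    for label, acl in (("forward-only", FORWARD_ONLY), ("with reply ACE", WITH_REPLY)):
        print(label, run_scenarios(acl))
```

Run stand-alone, the model shows why a single "dst port 23" ACE cannot match the reply (its destination port is ephemeral), and why the reply ACE keyed on source port 23 does. The last scenario is the caveat a reviewer should raise with any stateless reply ACE: a local host that sources its own connections from port 23 is also permitted, so the stated goal (no locally initiated connections) is only enforced for well-behaved hosts; stateful connection tracking on the firewall closes that gap where it is available.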
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...