cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
500
Views
0
Helpful
1
Replies

VPN Initiator Question

ledesma11
Level 1
Level 1

Is it possible to have VPN tunnel set up as VPN initiator while having only one host be set as both initiator and receiver?

For example:

All hosts in 10.10.0.0/18 are permitted over the tunnel.  However there's one host 10.10.50.50(DNS Server) which needs to be set as bi-directional.

Also if this is possible would it apply to both Site to Site and Client to Site VPN's?

ASA Config:

5510 running 8.0(5) also has High Availability configured

Thanks

1 Reply 1

ju_mobile
Level 1
Level 1

Hi,

If you review the basics of the VPN it may answer your question.

Crypto-map= identifies interesting traffic to initiate VPN

ACL= identifies what can communicate across the VPN, if enabled in crypto and disabled in ACL. It ain't happening

You wish to allow a subnet so the traffic has to be matched in the crypto to initiate the tunnel. The traffic then also matched by the acl is then allowed. If you wish you can consider this a double acl. If you do not match both, then you won't get through. All hosts matching will initiate the tunnel.

In summary, if you wish to allow a single host to initiate a 2-way VPN and then allow traffic in both directions.

The answer as I understand it is, No

Sent from Cisco Technical Support iPad App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: