New Member

VPN3005 Lan2Lan, permit access to one host on subnet only?

Hello,

We have an IPSec LAN-2-LAN connection between two VPN 3005 concentrators with two private subnets behind them.

How must I configure filters/rules to permit access to one host and one port (e.g. 192.168.10.10 SSH) on a subnet?

Thanks a lot

Enrico Siefert, Germany

3 REPLIES
New Member

Re: VPN3005 Lan2Lan, permit access to one host on subnet only?

Specify that one host in your network list.

Drop all protocols other than SSH.

New Member

Re: VPN3005 Lan2Lan, permit access to one host on subnet only?

You mean I should only configure a subnet with only one host and protocol and specify this in my LAN-to-LAN connection? No rules or filters? Is this secure?

Thanks

Bronze

Re: VPN3005 Lan2Lan, permit access to one host on subnet only?

The 3000 concentrator doesn't support the specification of protocols and ports in the network lists, so you'll still need a filter applied to the L2L tunnel which only permits SSH. However, you can just put a single host address in the network list to restrict tunnel access to just that host. There should be no security issues, assuming your filter does what you want.

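The layering described in the last reply, as an added example that is not part of the original thread and is not VPN 3000 configuration syntax: a Python model in which the network list matches addresses only and a separate filter with a default drop admits only SSH. The remote subnet 192.168.20.0/24, the rule format, and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # 0 for protocols without ports

# Host and service come from the question; the remote subnet is constructed.
TARGET = ("192.168.10.10", "tcp", 22)
REMOTE_NET = ipaddress.ip_network("192.168.20.0/24")
NETWORK_LIST = [ipaddress.ip_network("192.168.10.10/32")]  # single host
FILTER_RULES = [("forward", "tcp", 22)]  # hypothetical rule format
DEFAULT_ACTION = "drop"

def in_network_list(pkt):
    """Network list check: addresses only, no protocol or port."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    return src in REMOTE_NET and any(dst in net for net in NETWORK_LIST)

def filter_action(pkt, rules, default):
    """First matching rule wins; otherwise the filter's default action."""
    for action, proto, dport in rules:
        if pkt.proto == proto and pkt.dport == dport:
            return action
    return default

def tunnel_allows(pkt, rules=FILTER_RULES, default=DEFAULT_ACTION):
    """A packet must pass the network list AND the tunnel filter."""
    return in_network_list(pkt) and filter_action(pkt, rules, default) == "forward"

def audit(packets, rules=FILTER_RULES, default=DEFAULT_ACTION):
    """Return packets that get through but are not SSH to the one host."""
    return [p for p in packets
            if tunnel_allows(p, rules, default)
            and (p.dst, p.proto, p.dport) != TARGET]

# Constructed test traffic from the remote site.
SAMPLES = [
    Packet("192.168.20.5", "192.168.10.10", "tcp", 22),  # wanted
    Packet("192.168.20.5", "192.168.10.10", "tcp", 23),  # same host, telnet
    Packet("192.168.20.5", "192.168.10.10", "icmp"),     # same host, ping
    Packet("192.168.20.5", "192.168.10.11", "tcp", 22),  # other host, SSH
]

if __name__ == "__main__":
    print("with filter:   ", audit(SAMPLES))
    print("without filter:", audit(SAMPLES, rules=[], default="forward"))
```

Running `audit` with an empty rule set and a forwarding default shows what the single-host network list alone would let through: every protocol to that host, which is why the filter is still needed.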