Solved

To allow one-way access through L2L using Cisco firewall

Posted on 2008-10-11
4
543 Views
Last Modified: 2012-05-05
Dear all

I'd appreciate if you could help.

Currently, the IPSec L2L VPN is perfectly working fine using Cisco ASA 5510 (at HQ) and ASA 5505 (at partner place). I can ping from HQ to any internal IP address of partner site and vice versa.

How to restrict only one-way direction by only HQ can access the network of partner site, for example, RDP to a server which located at partner site. In partner network, they cannot RDP to any machine/server in HQ.

Please note that I have configured L2L through ASDM Wizard. It was a default settings. HQ network segment is 192.168.20.0/24 and Partner network is 192.168.1.0/24.

Thanks in advanced.
0
Comment
Question by:chekfu
  • 2
  • 2
4 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22696332
You need to create a VPN filter. Except you need to deny all traffic from the remote network instead of permit as in the following documentation.
Here is the Cisco document to guide you through doing this.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml 
Let me know if you have any questions!
Cheers!
0
 
LVL 1

Author Comment

by:chekfu
ID: 22703127
I've just tried according to the article given. Applying VPN filter with a deny access rule from remote network segment 192.168.1.0/24 to local network segment 192.168.17.0/24

Unfortunately, it wasn't work.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22704112
Can you please post your config so I can take a look? Please don't xxxx out IPs except your public ones.
Cheers!
0
 
LVL 1

Accepted Solution

by:
chekfu earned 0 total points
ID: 23213827
I log call to Cisco support. They remotely resolve it for me. So, I'm OK with it. According to him, use PAT concept rather than whole local private LAN segment.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Supervisor upgrade to 2T 3 49
Cisco UCM licensing - do the unregistered count? 2 51
AWS VPS as AD Server 2 55
logging buffered 8 39
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now