To allow one-way access through L2L using Cisco firewall

Dear all

I'd appreciate if you could help.

Currently, the IPSec L2L VPN is perfectly working fine using Cisco ASA 5510 (at HQ) and ASA 5505 (at partner place). I can ping from HQ to any internal IP address of partner site and vice versa.

How to restrict only one-way direction by only HQ can access the network of partner site, for example, RDP to a server which located at partner site. In partner network, they cannot RDP to any machine/server in HQ.

Please note that I have configured L2L through ASDM Wizard. It was a default settings. HQ network segment is 192.168.20.0/24 and Partner network is 192.168.1.0/24.

Thanks in advanced.
LVL 1
chekfuAsked:
Who is Participating?
 
chekfuConnect With a Mentor Author Commented:
I log call to Cisco support. They remotely resolve it for me. So, I'm OK with it. According to him, use PAT concept rather than whole local private LAN segment.
0
 
PugglewuggleCommented:
You need to create a VPN filter. Except you need to deny all traffic from the remote network instead of permit as in the following documentation.
Here is the Cisco document to guide you through doing this.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml 
Let me know if you have any questions!
Cheers!
0
 
chekfuAuthor Commented:
I've just tried according to the article given. Applying VPN filter with a deny access rule from remote network segment 192.168.1.0/24 to local network segment 192.168.17.0/24

Unfortunately, it wasn't work.
0
 
PugglewuggleCommented:
Can you please post your config so I can take a look? Please don't xxxx out IPs except your public ones.
Cheers!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.