Solved

Configuring site-to-site using Cisco ASDM

Posted on 2010-08-15
5
499 Views
Last Modified: 2012-05-10
Hi guys,
Please I need to add servers to site-to-site VPN on Cisco ASA 5520, please I have setup my side of site-to-site using ASDM, and I have manage to connect to remote site (Third party), but am struggling adding the servers the third party are allowed to access on our network, i.e. I have 4 servers
172.16.20.X/24
172.16.23.X/24
172.16.24.X/24
172.16.25.X/24
Please I have other servers on the network that has 172.16.x.x, and the third party are not allowed to access them.
And the third part are also allowing us access to 4 of their servers
10.20.16.X/24
10.20.17.X/24
10.20.18.X/24
10.20.16.X/24
Please i will be grateful if you can show me step-by-step process of doing this using ASDM,

Thanks for the anticipated response
0
Comment
Question by:lawrencedada
  • 2
  • 2
5 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33443179
Hi,

please refer this page:

http://www.petenetlive.com/KB/Article/0000072.htm

Best regards,
Istvan
0
 

Author Comment

by:lawrencedada
ID: 33451367
Thanks ikalmar, as i said in the post, i have configured the site-to-site, what i want to know is how to allow an external third parties access resources in our network,  I may be wrong, does that not involves
•      creating network object group,
•      creating access list that permit/deny that group from what they are allowed/not allowed on the network
I have an idea of what I want to do it, only that I  am not very sure of how to go about it.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33451901
please show the whole config
0
 

Accepted Solution

by:
lawrencedada earned 0 total points
ID: 33461220
Thanks ikalmar,
Am sorry it is not feasible to upload the config on this ASA, it so big it will take me the whole day to edit and screen all sensitive information on it, my opinion is that for what I was asking, you may not need the config to get it done.
Well I managed to figure it out, to allow a particular server of or subnet or vlan, you need to click on NETWORK OBJECT GROUP, and just add it, and to complete it  you need to use access list tab residing within firewall  area of ASDM, and just allow both in and out.

Yes I have completed this, and up to this time the point will not be awarded, but am waiting for the remote site guy to complete his own side of the VPN config, I will wait and see if there is any other question/s I may ask to deserve the point be awarded, if you don’t mind I will leave the problem opened and ask any question that may comes up.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 33470614
you can try adding an access list on your ASA.

prevent third-party access to your nework EXCEPT the 4servers.
ip access-list extended 3prty_to_internal
permit ip <source x.x.x.x place subnet of third party> mask 172.16.20.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.23.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.24.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.25.x 0.0.0.0
deny any any (this is implicitly denied, but best practice to put to see denied counter)

then apply the access list to the appropriate interface

hope it helps :-)

0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now