[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Configuring site-to-site using Cisco ASDM

Posted on 2010-08-15
5
Medium Priority
?
512 Views
Last Modified: 2012-05-10
Hi guys,
Please I need to add servers to site-to-site VPN on Cisco ASA 5520, please I have setup my side of site-to-site using ASDM, and I have manage to connect to remote site (Third party), but am struggling adding the servers the third party are allowed to access on our network, i.e. I have 4 servers
172.16.20.X/24
172.16.23.X/24
172.16.24.X/24
172.16.25.X/24
Please I have other servers on the network that has 172.16.x.x, and the third party are not allowed to access them.
And the third part are also allowing us access to 4 of their servers
10.20.16.X/24
10.20.17.X/24
10.20.18.X/24
10.20.16.X/24
Please i will be grateful if you can show me step-by-step process of doing this using ASDM,

Thanks for the anticipated response
0
Comment
Question by:lawrencedada
  • 2
  • 2
5 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33443179
Hi,

please refer this page:

http://www.petenetlive.com/KB/Article/0000072.htm

Best regards,
Istvan
0
 

Author Comment

by:lawrencedada
ID: 33451367
Thanks ikalmar, as i said in the post, i have configured the site-to-site, what i want to know is how to allow an external third parties access resources in our network,  I may be wrong, does that not involves
•      creating network object group,
•      creating access list that permit/deny that group from what they are allowed/not allowed on the network
I have an idea of what I want to do it, only that I  am not very sure of how to go about it.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33451901
please show the whole config
0
 

Accepted Solution

by:
lawrencedada earned 0 total points
ID: 33461220
Thanks ikalmar,
Am sorry it is not feasible to upload the config on this ASA, it so big it will take me the whole day to edit and screen all sensitive information on it, my opinion is that for what I was asking, you may not need the config to get it done.
Well I managed to figure it out, to allow a particular server of or subnet or vlan, you need to click on NETWORK OBJECT GROUP, and just add it, and to complete it  you need to use access list tab residing within firewall  area of ASDM, and just allow both in and out.

Yes I have completed this, and up to this time the point will not be awarded, but am waiting for the remote site guy to complete his own side of the VPN config, I will wait and see if there is any other question/s I may ask to deserve the point be awarded, if you don’t mind I will leave the problem opened and ask any question that may comes up.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 33470614
you can try adding an access list on your ASA.

prevent third-party access to your nework EXCEPT the 4servers.
ip access-list extended 3prty_to_internal
permit ip <source x.x.x.x place subnet of third party> mask 172.16.20.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.23.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.24.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.25.x 0.0.0.0
deny any any (this is implicitly denied, but best practice to put to see denied counter)

then apply the access list to the appropriate interface

hope it helps :-)

0

Featured Post

Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we’ll look at how to deploy ProxySQL.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question