Configuring site-to-site using Cisco ASDM

Hi guys,
Please I need to add servers to site-to-site VPN on Cisco ASA 5520, please I have setup my side of site-to-site using ASDM, and I have manage to connect to remote site (Third party), but am struggling adding the servers the third party are allowed to access on our network, i.e. I have 4 servers
172.16.20.X/24
172.16.23.X/24
172.16.24.X/24
172.16.25.X/24
Please I have other servers on the network that has 172.16.x.x, and the third party are not allowed to access them.
And the third part are also allowing us access to 4 of their servers
10.20.16.X/24
10.20.17.X/24
10.20.18.X/24
10.20.16.X/24
Please i will be grateful if you can show me step-by-step process of doing this using ASDM,

Thanks for the anticipated response
lawrencedadaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Istvan KalmarHead of IT Security Division Commented:
Hi,

please refer this page:

http://www.petenetlive.com/KB/Article/0000072.htm

Best regards,
Istvan
0
lawrencedadaAuthor Commented:
Thanks ikalmar, as i said in the post, i have configured the site-to-site, what i want to know is how to allow an external third parties access resources in our network,  I may be wrong, does that not involves
•      creating network object group,
•      creating access list that permit/deny that group from what they are allowed/not allowed on the network
I have an idea of what I want to do it, only that I  am not very sure of how to go about it.
0
Istvan KalmarHead of IT Security Division Commented:
please show the whole config
0
lawrencedadaAuthor Commented:
Thanks ikalmar,
Am sorry it is not feasible to upload the config on this ASA, it so big it will take me the whole day to edit and screen all sensitive information on it, my opinion is that for what I was asking, you may not need the config to get it done.
Well I managed to figure it out, to allow a particular server of or subnet or vlan, you need to click on NETWORK OBJECT GROUP, and just add it, and to complete it  you need to use access list tab residing within firewall  area of ASDM, and just allow both in and out.

Yes I have completed this, and up to this time the point will not be awarded, but am waiting for the remote site guy to complete his own side of the VPN config, I will wait and see if there is any other question/s I may ask to deserve the point be awarded, if you don’t mind I will leave the problem opened and ask any question that may comes up.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ffleismaSenior Network EngineerCommented:
you can try adding an access list on your ASA.

prevent third-party access to your nework EXCEPT the 4servers.
ip access-list extended 3prty_to_internal
permit ip <source x.x.x.x place subnet of third party> mask 172.16.20.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.23.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.24.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.25.x 0.0.0.0
deny any any (this is implicitly denied, but best practice to put to see denied counter)

then apply the access list to the appropriate interface

hope it helps :-)

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Architecture

From novice to tech pro — start learning today.