Configuring site-to-site using Cisco ASDM
Hi guys,
Please I need to add servers to site-to-site VPN on Cisco ASA 5520, please I have setup my side of site-to-site using ASDM, and I have manage to connect to remote site (Third party), but am struggling adding the servers the third party are allowed to access on our network, i.e. I have 4 servers
172.16.20.X/24
172.16.23.X/24
172.16.24.X/24
172.16.25.X/24
Please I have other servers on the network that has 172.16.x.x, and the third party are not allowed to access them.
And the third part are also allowing us access to 4 of their servers
10.20.16.X/24
10.20.17.X/24
10.20.18.X/24
10.20.16.X/24
Please i will be grateful if you can show me step-by-step process of doing this using ASDM,
Thanks for the anticipated response
Please I need to add servers to site-to-site VPN on Cisco ASA 5520, please I have setup my side of site-to-site using ASDM, and I have manage to connect to remote site (Third party), but am struggling adding the servers the third party are allowed to access on our network, i.e. I have 4 servers
172.16.20.X/24
172.16.23.X/24
172.16.24.X/24
172.16.25.X/24
Please I have other servers on the network that has 172.16.x.x, and the third party are not allowed to access them.
And the third part are also allowing us access to 4 of their servers
10.20.16.X/24
10.20.17.X/24
10.20.18.X/24
10.20.16.X/24
Please i will be grateful if you can show me step-by-step process of doing this using ASDM,
Thanks for the anticipated response
ASKER
Thanks ikalmar, as i said in the post, i have configured the site-to-site, what i want to know is how to allow an external third parties access resources in our network, I may be wrong, does that not involves
• creating network object group,
• creating access list that permit/deny that group from what they are allowed/not allowed on the network
I have an idea of what I want to do it, only that I am not very sure of how to go about it.
• creating network object group,
• creating access list that permit/deny that group from what they are allowed/not allowed on the network
I have an idea of what I want to do it, only that I am not very sure of how to go about it.
please show the whole config
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you can try adding an access list on your ASA.
prevent third-party access to your nework EXCEPT the 4servers.
ip access-list extended 3prty_to_internal
permit ip <source x.x.x.x place subnet of third party> mask 172.16.20.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.23.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.24.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.25.x 0.0.0.0
deny any any (this is implicitly denied, but best practice to put to see denied counter)
then apply the access list to the appropriate interface
hope it helps :-)
prevent third-party access to your nework EXCEPT the 4servers.
ip access-list extended 3prty_to_internal
permit ip <source x.x.x.x place subnet of third party> mask 172.16.20.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.23.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.24.x 0.0.0.0
permit ip <source x.x.x.x place subnet of third party> mask 172.16.25.x 0.0.0.0
deny any any (this is implicitly denied, but best practice to put to see denied counter)
then apply the access list to the appropriate interface
hope it helps :-)
please refer this page:
http://www.petenetlive.com/KB/Article/0000072.htm
Best regards,
Istvan