vpn traffic filtering on site to site VPNs

Hi I have a site to site VPN on an ASA device running OS 8.4
my side of the network is on / 24
the other side of the VPN is / 24
I need to set up a rule so that while I can access all hosts on / 24
none of the hosts on / 24 should be able to access our side of the tunnel.

Is this possible?
Who is Participating?
alienXenoConnect With a Mentor Commented:
check vpn filters for ASA at

 The vpn-filter is applied to post-decrypted traffic after it exits a tunnel and pre-encrypted traffic before it enters a tunnel.
Exercise caution when you construct the ACLs for use with the vpn-filter feature. The ACLs are constructed with the post-decrypted traffic (inbound VPN traffic) in mind. However, they are also applied to the traffic originated in the opposite direction.
Ernie BeekExpertCommented:
I think that should be possible. If you have something like sysopt permit-vpn in your config, remove that. After that you need to allow vpn traffic through an ACE on the outside interface just like any other traffic from the outside.
So if you don't add a rule I think it would work like any other traffic through the ASA. From the inside to the outside and return traffic should work.
eggster34Author Commented:
that does not work at all.
Ernie BeekExpertCommented:

Could you tell what you did? And could you have a look at the logging to see if anything shows there?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.