<div>
you can block IP you want when you define the intersting traffic that pass between the two routers e.g:<br />
<br />
if that your normal ACL to go from Site B (10.10.10.0/24) to your HQ site (20.20.20.0/24)<br />
<br />
R1(config)# ip access-list extended VPN-TRAFFIC<br />
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255<br />
<br />
so let's say that your Printer IP in &nbsp;HQ Site is 20.20.20.5 and you want to deny it from ip 10.10.10.5 you simply modify it to be:<br />
<br />
R1(config)# ip access-list extended VPN-TRAFFIC<br />
R1(config-ext-nacl)# deny ip host 10.10.10.5 host 20.20.20.5 log<br />
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
</div>


you can block IP you want when you define the intersting traffic that pass between the two routers e.g:

if that your normal ACL to go from Site B (10.10.10.0/24) to your HQ site (20.20.20.0/24)

R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255

so let's say that your Printer IP in  HQ Site is 20.20.20.5 and you want to deny it from ip 10.10.10.5 you simply modify it to be:

R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# deny ip host 10.10.10.5 host 20.20.20.5 log
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255

<div>
<div class="content wysiwyg-content">
We have a branch office connected to our main site with an IPSEC tunnel.<br />
<br />
Inside said office is a printer that someone at the main site won't stop printing too by accident.<br />
<br />
How can we setup an ACL to block all traffic to the specific IP of the printer and so we can SYSLOG who is doing it?
</div>
</div>


We have a branch office connected to our main site with an IPSEC tunnel.

Inside said office is a printer that someone at the main site won't stop printing too by accident.

How can we setup an ACL to block all traffic to the specific IP of the printer and so we can SYSLOG who is doing it?

ACL to filter ipsec traffic

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.