techlinden (United States of America) asked:
best way to port forward services ipsec tunnel

I have an IPsec tunnel built from our datacenter to a test ASA. This will be for an IPsec tunnel we eventually put in production to a company we recently acquired. MGT wants to limit the access of this tunnel to only certain services (i.e. ports) on certain IPs. For example, this new company will access the call mgr at our datacenter but will only have access to the necessary ports/services to register their MGCP gateways and their VoIP phones.

I think with the VPN it bypasses all access lists, and if I uncheck the box "bypass interface access lists for inbound sessions" I think I'm going to force myself to have to create access lists for the AnyConnect client as well, which could be a bit of a pain?

What's the best way to do this? I was wondering about maybe NATting and changing the NAT rules to only NAT certain ports, but so far that hasn't worked. I also looked at the crypto map and played around with the source and destination ports, thinking that I could make it so that I'm only protecting (encrypting) the ports I want open, but that hasn't worked either. Just curious what would be the best solution to accomplish this? Thanks for your input.
ASKER CERTIFIED SOLUTION (posted by techlinden, the asker):
Created access-lists for the AnyConnect.
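The approach the asker settled on (turn off the VPN access-list bypass and write explicit interface ACLs, including one for the AnyConnect pool), next to the vpn-filter alternative that leaves the bypass in place, as an added ASA configuration example that is not from the thread. All object names, addresses, the peer IP and the VoIP ports are assumptions chosen for illustration; check the ports your own CallManager deployment actually uses.

```text
! Added example (not from the thread). Names, addresses, peer IP and
! ports are assumptions; 10.x and 203.0.113.x values are constructed.
!
! Option A: make tunnel traffic obey the outside interface ACL
! (ASDM: uncheck "bypass interface access lists for inbound sessions").
no sysopt connection permit-vpn
!
object network ACQUIRED-NET
 subnet 10.20.0.0 255.255.0.0
object network CALLMGR
 host 10.1.1.10
object network ANYCONNECT-POOL
 subnet 10.99.0.0 255.255.255.0
!
! Only what gateway and phone registration needs (assumed ports):
! UDP 2727 MGCP call agent, TCP 2000 SCCP, UDP 69 TFTP for phone configs.
object-group service VOIP-REGISTRATION
 service-object udp destination eq 2727
 service-object tcp destination eq 2000
 service-object udp destination eq tftp
!
access-list OUTSIDE-IN remark acquired company -> CallManager, registration only
access-list OUTSIDE-IN extended permit object-group VOIP-REGISTRATION object ACQUIRED-NET object CALLMGR
access-list OUTSIDE-IN extended deny ip object ACQUIRED-NET any log
access-list OUTSIDE-IN remark AnyConnect users now hit this ACL too, so permit their pool
access-list OUTSIDE-IN extended permit ip object ANYCONNECT-POOL any
access-group OUTSIDE-IN in interface outside
!
! Option B: keep sysopt connection permit-vpn and filter only this tunnel
! with a vpn-filter on its group-policy (source = remote side of tunnel).
access-list ACQUIRED-VPN-FILTER extended permit udp object ACQUIRED-NET object CALLMGR eq 2727
access-list ACQUIRED-VPN-FILTER extended permit tcp object ACQUIRED-NET object CALLMGR eq 2000
access-list ACQUIRED-VPN-FILTER extended permit udp object ACQUIRED-NET object CALLMGR eq tftp
group-policy ACQUIRED-GP internal
group-policy ACQUIRED-GP attributes
 vpn-filter value ACQUIRED-VPN-FILTER
tunnel-group 203.0.113.5 general-attributes
 default-group-policy ACQUIRED-GP
```

Option B is narrower in scope: the filter applies to that one tunnel-group only, so existing AnyConnect sessions keep bypassing the interface ACL and need no extra rules, and the crypto map and NAT rules are left untouched.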