https://community.cisco.com/t5/network-security/filtering-tunnels/m-p/739896#M980521 <P>I have an ASA 5520 7.2 (I bleieve)</P><P>I am allowing an Ipsec tunnel thru this firewall, but the ASA itself is not an endpoint for this tunnel. Is it possible to filter the traffic that goes thru the tunnel and if so how?</P><P>All I really want to do is limit the devices allowed to use this tunnel ie allow IP 1 to IP 2 and drop everything else.</P><P>Thanks in advance.</P> Mon, 11 Mar 2019 10:16:03 GMT chrish 2019-03-11T10:16:03Z https://community.cisco.com/t5/network-security/filtering-tunnels/m-p/739896#M980521 <P>I have an ASA 5520 7.2 (I bleieve)</P><P>I am allowing an Ipsec tunnel thru this firewall, but the ASA itself is not an endpoint for this tunnel. Is it possible to filter the traffic that goes thru the tunnel and if so how?</P><P>All I really want to do is limit the devices allowed to use this tunnel ie allow IP 1 to IP 2 and drop everything else.</P><P>Thanks in advance.</P> Mon, 11 Mar 2019 10:16:03 GMT https://community.cisco.com/t5/network-security/filtering-tunnels/m-p/739896#M980521 chrish 2019-03-11T10:16:03Z https://community.cisco.com/t5/network-security/filtering-tunnels/m-p/739897#M980522 <HTML><HEAD></HEAD><BODY><P>Could you explain, is the vpn client inside or outside the firewall? What is the endpoint? As long as you don't want to filter traffic once the tunnel is established you should be able write a simple access-list to restrict which ip addresses are able to vpn. Also, is this remote access or lan to lan?</P></BODY></HTML> Thu, 17 May 2007 15:09:26 GMT https://community.cisco.com/t5/network-security/filtering-tunnels/m-p/739897#M980522 acomiskey 2007-05-17T15:09:26Z https://community.cisco.com/t5/network-security/filtering-tunnels/m-p/739898#M980523 <HTML><HEAD></HEAD><BODY><P>This is a lan to lan static tunnel. </P><P>Filtering traffic that is traveling thru the established tunnel is what I am trying to accomplish. </P><P>The endpoints are 2 devices by a company called SonicWall. The tunnel simply passes thru my firewall and I don't have access to the other devices to insure the security I desire.</P></BODY></HTML> Thu, 17 May 2007 16:12:05 GMT https://community.cisco.com/t5/network-security/filtering-tunnels/m-p/739898#M980523 chrish 2007-05-17T16:12:05Z https://community.cisco.com/t5/network-security/filtering-tunnels/m-p/739899#M980524 <HTML><HEAD></HEAD><BODY><P>Chris</P><P></P><P>If an encrypted VPN site to site tunnel is passing through your firewall I do not know of any way that you can examine or filter that traffic. Part of the purpose of IPSec VPN is that no intermediate device along the VPN path can see the data being transported.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Fri, 18 May 2007 16:37:44 GMT https://community.cisco.com/t5/network-security/filtering-tunnels/m-p/739899#M980524 Richard Burts 2007-05-18T16:37:44Z