cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
395
Views
5
Helpful
2
Replies

Limited access over STS Tunnel

ray_stone
Level 1
Level 1

Hello Experts,

I need some assistance to provide limited access from remote to local machines over STS Tunnel. The STS Tunnel is estlablished between two sites and I want that remote machine can access only few machines with specific ports.

Lets say 192.168.0.0/24 is a subnet of Local site and 192.168.10.0/24 is a subnet of remote location and now I want only tcp/9001 port be allowed from remote to local machines and tcp/8001 port be allowed from local to remote machines.

For this, I have allowed the traffic in cryto map access lists but exempt the network from source to destination on Inside interface and it's working in correct manner but if somebidy allow the IP protocol at remote firewall in cryto access list then the remote machines would have complete access of local machines that I want to restrict and I need your assist on this.

Thanks.

2 Replies 2

npokhriy
Level 1
Level 1

Hi Ray,

Best way to restrict the traffic across vpn is to configure vpn-filters.

You can get more information regarding vpn-filters from following link:-

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml#configss

Please let me know if it helps.

Regards,

Naresh

Jeet Kumar
Cisco Employee
Cisco Employee

Hi Ray,

Naresh is absolutely right.

The best way to restrict the access on the basis of port is VPN filter.

Please go through the link that naresh has provided and if you have any question please feel free to contact.

Thanks

Jeet

Review Cisco Networking for a $25 gift card